VMware is aware of suggestions that the recent defacement of the OpenSSL Foundation website (http://www.openssl.org/news/secadv_hack.txt) may be as a result of a hypervisor compromise.
The VMware Security Response Center has actively investigated this incident with both the OpenSSL Foundation and their Hosting Provider in order to understand whether VMware products are implicated and whether VMware needs to take any action to ensure customer safety.
We have no reason to believe that the OpenSSL website defacement is a result of a security vulnerability in any VMware products and that the defacement is a result of an operational security error.
VMware recommends the use of vCloud Director in deployment scenarios that require secure Internet facing access to Virtual Center and ESXi. In the event that Virtual Center is directly Internet facing VMware recommends customers remain current with patches and updates and that they follow the best practices in the vSphere Security Hardening guides https://www.vmware.com/support/support-resources/hardening-guides.html.
via VMware Blogs http://blogs.vmware.com/security/2014/01/recent-openssl-website-defacement.html
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.