This content is for members only. Please and try your request again.

DHS CISA directs civilian agencies to patch ‘critical’ VMware vulnerabilities

“The Cybersecurity and Infrastructure Security Agency issued an emergency directive Wednesday requiring federal civilian agencies to patch vulnerable VMware products that could be chained together for full system control.

If agencies aren’t able to deploy necessary updates within five days by May 23 to the affected VMware services, they must take them off agency networks immediately until an update is possible, per the directive…

VMware itself called the vulnerabilities ‘critical,’ rating them 9.8 out of 10 in severity.

‘CISA has determined that these vulnerabilities pose an unacceptable risk to Federal Civilian Executive Branch (FCEB) agencies and require emergency action,’ the directive says. ‘This determination is based on the confirmed exploitation of [prior vulnerabilities] by threat actors in the wild, the likelihood of future exploitation of [the new vulnerabilities], the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems.’…” Read the full article here.

Source: CISA directs civilian agencies to patch ‘critical’ VMware vulnerabilities – By Billy Mitchell, May 18, 2022. FedScoop.


This topic has 0 replies, 1 voice, and was last updated 1 month, 1 week ago by Jackie Gilbert.

Viewing 0 reply threads

You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.

G2Xchange FedCiv

Log in with your credentials
for G2Xchange Health

Forgot your details?