Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file systems. VMware owner Broadcom released a fix for CVE-2024-37085 on June 25, 2024, and credited Microsoft’s researchers for flagging it, but did not mention that the vulnerability – at that time, a zero-day – was under active exploitation. Attackers exploiting CVE-2024-37085 “ESXi is a bare-metal hypervisor …

The post VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) appeared first on Help Net Security.