“Patch Tuesday” has been in the IT lexicon for as long as I remember. For many, many years Tuesday has been Microsoft’s designated day to release patches to Windows. In recent years, due to the rise of cybercrime and ransomware, patching your systems has become infinitely more critical.
Of those who regularly apply patches, most of the attention tends to go to patching Windows. However, if you thought just patching your Windows systems kept you safe, guess again. According to ZDNet, cybercriminals are using VMware vulnerabilities to encrypt virtual disks from the ESXi hosts. Specifically, they are using the CVE-2019-5544 and CVE-2020-3992 vulnerabilities.
As always, read the release notes before applying patches. Here’s a quick guide to patching and updating your systems. We like to schedule regular maintenance window after hours (usually monthly) to review and apply all patches and updates.
We urge you to add your VMware hosts to your regular patching and maintenance schedule!