The Cybersecurity and Infrastructure Security Agency (CISA) issued a rare emergency directive instructing organizations to react swiftly to mitigate the actions of threat actors exploiting vulnerabilities in VMware products.

In Emergency Directive 22-03, the agency has encouraged users to ensure they’re using the most updated form of the VMware software by installing the updates released last week from VMware.

“These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks.”

The affected VMware products include:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

Per the CISA guidance on the organization’s website, federal civilian executive branch agencies have been asked to evaluate and enumerate their tech stacks for any affected VMware products and either deploy the updates or remove the software from the network until the updates can be applied.

CISA suggests that affected agencies assume compromise and disconnect the products off the network, and then report any anomalies to [email protected]

Leave a Reply

Your email address will not be published.

Recent news posts

This is a sample blog post title.
Featured Image

Holiday Weekend Leaves Many Vulnerable to Cyber Attacks

This is a sample blog post title.
Featured Image

Costa Rica Ransomware Attack Continues to Plague Citizens

This is a sample blog post title.
Featured Image

What the Crypto Crash Means for Cyber Crime

This is a sample blog post title.
Featured Image

Scaling, Improving and Automating Your GRC Strategy

This is a sample blog post title.
Featured Image

CISA Issues Emergency Directive 22-03, Encourages VMware Updates

Attend an Event!

Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.

Register Today