The Cybersecurity and Infrastructure Security Agency (CISA) issued a rare emergency directive instructing organizations to react swiftly to mitigate the actions of threat actors exploiting vulnerabilities in VMware products.

In Emergency Directive 22-03, the agency has encouraged users to ensure they’re using the most updated form of the VMware software by installing the updates released last week from VMware.

“These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks.”

The affected VMware products include:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

Per the CISA guidance on the organization’s website, federal civilian executive branch agencies have been asked to evaluate and enumerate their tech stacks for any affected VMware products and either deploy the updates or remove the software from the network until the updates can be applied.

CISA suggests that affected agencies assume compromise and disconnect the products off the network, and then report any anomalies to [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent news posts

This is a sample blog post title.
Featured Image

Twitter’s New Ownership Sparks Changes to Security Structure

This is a sample blog post title.
Featured Image

Latin America Cyber Community Challenges Fast-Growing Threat Landscape

This is a sample blog post title.
Featured Image

Third-Party Threats Pose Problems for Healthcare Sector

This is a sample blog post title.
Featured Image

CISA, FBI Cite No Specific Cybersecurity Threat to Midterm Elections

This is a sample blog post title.
Featured Image

Atlanta Keynote Highlights: Hadas Cassorla

Attend an Event!

Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.

Register Today