This morning, and also last week several VMware security updates and new announcements arrived in my mailbox. The name a few:
- VMSA-2016-0009 – VMware vCenter Server updates address an important reflective cross-site scripting issue (announcement).
- VMSA-2016-0005.4 – VMware product updates address critical and important security issues (update).
- VMSA-2015-0009.3 – VMware product updates address a critical deserialization vulnerability (update).
- VMSA-2015-0007.6 – VMware vCenter and ESXi updates address critical security issues (update).
It’s hopefully no news for you, that you should always investigate if these announcements/updates might affect your environment. Review each security advisory and determine which patches/updates are required for your environment.
To monitor all latest security updates you can follow the VMware Security Advisories (VMSAa) webpage. There’s also a mailing list available which I would recommend to follow, just submit your e-mail address in the sign up text box on the VMSA webpage.