I bet by
now you have heard about the Heartbleed vulnerability - CVE-2014-0160.
It’s a bug on OpenSSL
cryptographic software library which could be exploited to steal information
through it’s engine.
Hundreds of
softwares and products around the world uses OpenSSL to encrypt and protect the
information through the Internet.
Well,
VMware is not an exception, several VMware’s products were affected by the bug,
(if you are in doubt about what products were affected, this KB2076225 made a list of
them) but VMware is also an exception when dealing with customers top priority,
as security and risk of it’s assets, so as of April 20th ALL VMware products
were remediated.
It’s up to
you now, go out there and update your products and eliminate that risk out of
your environment.
VMware also
provided a Security Advisory (VMSA-2014-0004.6), which contains the links for the
updated version of all products.
Here’s also
a good video to learn how Heartbleed attack works
OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics from Elastica Inc on Vimeo.
Don’t wait
until tomorrow to secure your environment !!!