
Even after news came out about the OpenSSL Heartbleed bug 90 days ago, there are still systems that remain vulnerable.

More than half of deployed VMware vCenter servers (57 percent) and ESXi hypervisor hosts (58 percent) affected by the flaw are still unpatched, according to information collected by data analytics company CloudPhysics.

VMware pushed out security updates for its products that fixed the vulnerability in the two weeks following the discovery, so the problem here is the administrators of the virtual datacenters.

“I speculate that IT teams are more lax about patching ESXi since those machines are typically behind the firewall and not easy to reach from the outside world,” said Irfan Ahmad, co-founder and CTO at CloudPhysics in a blog.

“However, that laxity doesn’t make the delay in patching a good idea. For one thing, insider attacks continue to be a major source of breaches. Another consideration is that if outside attackers do manage to infiltrate a low privilege service inside your firewall, you have just given them carte blanche to attack your most sensitive data.”

All in all, CloudPhysics' data found that a high 40 percent of the organizations in its global user base have at least one vCenter server or ESXi host that is still vulnerable.

“Many security experts have predicted that it could take months to years to finally get rid of Heartbleed. Sadly, at least for VMware infrastructure, this seems to be true,” he said.
