IT Asset Management software provider Lansweeper has scanned the Internet for VMware ESXi servers and found over 45,000 instances that have reached end-of-life (EOL). The company discovered 79,000 VMware ESXi instances operated by 6.000 organizations.
VMware ESXi 6.5 and VMware ESXi 6.7 have reached end-of-life and will only receive technical support. The virtualization giant was offering 2 years of extended support for ESXi 6.5 and 6.7, the support was offered until October 15, 2024.
“In order to get continuous support, you have to buy the extended support before the end of General Support. This extended support does not include updates for 3rd party Software packages. There will be no architectural, performance improvements, or feature additions. Security patches are limited to one roll-up per year.” reads the post published by Lansweeper. “If you have purchased the 2-year extended support, you can also claim 1 extra year of technical guidance from the end of extended support (i.e. until October 15, 2025).”
The servers that have reached EOL will no longer receive updates making them privileged targets for threat actors.
The total number of VMware ESXi servers reaching End of Life is 45,654 , below are the results of the scan performed by Lansweeper:
This means that majority of the ESXi instances have reached EOL, while 15.8% of the servers run older versions (from 3.5.0 to 5.5.0).
Let’s remember that it is very important to keep VMware ESXi servers up to date, numerous cybercrime and ransomware gangs (i.e. New Luna, Black Basta, LockBit, AvosLocker, HelloKitty, BlackMatter, GwisinLocker, ALPHV/BlackCat, Hive) targeted organizations running vulnerable servers.
“Keeping an accurate inventory of your virtual machines can be challenging.” concludes the post.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, VMware)
[adrotate banner=”5″]
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.