Microsoft Threat Intelligence – a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called "ESX Admins" in Active Directory and adding an attacker-controlled user account to this group. This manipulation of the Active Directory group takes advantage of a privilege escalation vulnerability (CVE-2024-37085) in ESXi hypervisors that grants the added user full administrative access to the ESXi hypervisor.
Microsoft Threat Intelligence – Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
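
For defenders, the group manipulation described above is visible in the domain controllers' Security log. The following is an added example, not code from Microsoft or from this post: it filters exported Windows Security events for creation of, or member additions to, a group named "ESX Admins". The sample records, account names and the function name are constructed for illustration; the event IDs and field names are the standard Windows Security log ones.

```python
# Added example: flag creation of, and member additions to, an Active Directory
# group named "ESX Admins" in exported Windows Security events.

GROUP_NAME = "esx admins"  # AD group names are case-insensitive
# Security-enabled group events for global / domain-local / universal scope
GROUP_CREATED = {4727, 4731, 4754}
MEMBER_ADDED = {4728, 4732, 4756}


def find_esx_admins_activity(events):
    """Return (action, actor, member) tuples for events touching the group."""
    findings = []
    for ev in events:
        group = str(ev.get("TargetUserName", "")).strip().lower()
        if group != GROUP_NAME:
            continue  # some other group, not relevant to CVE-2024-37085
        event_id = int(ev.get("EventID", 0))
        actor = ev.get("SubjectUserName", "?")  # account that made the change
        if event_id in GROUP_CREATED:
            findings.append(("group_created", actor, None))
        elif event_id in MEMBER_ADDED:
            findings.append(("member_added", actor, ev.get("MemberName", "?")))
    return findings


# Constructed sample events (hypothetical accounts in a test domain).
SAMPLE_EVENTS = [
    {"EventID": 4728, "TargetUserName": "Helpdesk",
     "SubjectUserName": "admin1",
     "MemberName": "CN=alice,CN=Users,DC=example,DC=test"},
    {"EventID": 4727, "TargetUserName": "ESX Admins",
     "SubjectUserName": "svc-backup"},
    {"EventID": "4728", "TargetUserName": "esx admins",
     "SubjectUserName": "svc-backup",
     "MemberName": "CN=tmpuser,CN=Users,DC=example,DC=test"},
    {"EventID": 4729, "TargetUserName": "ESX Admins",  # member removed: ignored
     "SubjectUserName": "admin1",
     "MemberName": "CN=tmpuser,CN=Users,DC=example,DC=test"},
]

if __name__ == "__main__":
    for action, actor, member in find_esx_admins_activity(SAMPLE_EVENTS):
        print(f"ALERT {action}: actor={actor} member={member}")
```

In an environment that legitimately uses this group for ESXi administration, the same filter serves as an audit of who changes its membership rather than as a pure alert.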
This entry was posted on Friday, November 1st, 2024 at 21:22 and is filed under Administration, Security Solution.