VMware explicitly asks customers to patch their Horizon servers against the Log4j vulnerability. That one, meanwhile, is being actively exploited.
Attackers are actively targeting VMware Horizon servers that are vulnerable to Log4Shell. That series of bugs in Log4j allows them to take control of a server over the Internet. Hackers gain access to the network, can steal data and roll out ransomware.
Patch available
Just about the entire VMware portfolio was vulnerable to Log4Shell, but the software giant did not delay in rolling out patches. An update for Horizon has been available for some time, but VMware sees that customers still delay installing it. Those who do not install the update, however, are very vulnerable to the critical vulnerability.
However, the information is not new. Log4Shell was already discovered in early December, and in early January it became clear that attackers were specifically targeting VMware Horizon.
Unjustified wait and see
As usual, some customers remain stubbornly waiting. “Even with our VMWare Security Alerts and continued efforts to contact customers directly, we see that some companies have not yet rolled out the patch,” a spokesperson commented. Nevertheless, the danger is very real, with hackers looking specifically for vulnerable Log4Shell servers to make their move.
read also
VMware calls for urgent patching of Horizon servers
We often see this pattern in major attacks. Despite the importance of the patch, installing it seems like too much trouble for some organizations. They fear compatibility problems or costly downtime. In practice, of course, the impact of a successful attack is much greater. Moreover, if sensitive data is stolen, European organizations may be liable under the GDPR. After all, anyone who has not patched today is not handling that data responsibly.