VMware Cloud Community
kpubmcc
Contributor

Multiple Vulnerabilities in VMware Products Could Allow for Arbitrary Code Execution

We are on 7.0 u3l. Per the links below we need to upgrade to 7.0 u3m. With 7.0 u3m just being released, is it stable and ready for production or do we need to let it bake longer before making the upgrade? I am always leery of security patches/upgrades that have been recently released.

https://www.vmware.com/security/advisories/VMSA-2023-0014.html

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-vmware-products-could-allow-for-arbi...

SYSTEMS AFFECTED:

  • VMware - VMware vCenter Server (vCenter Server) versions prior to 8.0 U1b
  • VMware - VMware vCenter Server (vCenter Server) versions prior to 7.0 u3m
  • VMware - VMware Cloud Foundation (vCenter Server) versions prior to 7.0 U3m, 8.0 U1
3 Replies
Kinnison
Expert

Hi,


I could be wrong, but in my opinion it will be quite difficult for you to find an unambiguous answer in the context of a forum. In the end it just depends on your / your company's policies for handling information security related matters and, consequently, how to act and when.


Regards,
Ferdinando

kpubmcc
Contributor

Really? I would expect that with the release of the vulnerability notice last week, several entities would be early adopters and have already applied the update to 7.0 u3m. I understand that it may take time for bugs to show up for that version, but I am asking for any word on initial stability issues since it has just been released.
Kinnison
Expert

Hi,


I understand your point, but what I'm saying is that individual personal opinions (born of equally personal experiences) are not enough to determine whether or not a product version is suitable to be used in a production context like yours, which is certainly different from mine or someone else's. Nothing more, nothing less.


Regards,
Ferdinando
