VMware Cloud Community
kpubmcc
Contributor
Contributor

Multiple Vulnerabilities in VMware Products Could Allow for Arbitrary Code Execution

We are on 7.0 u3l. Per the links below we need to upgrade to 7.0 u3m. With 7.0 u3m just being released, is it stable and ready for production or do we need to let it bake longer before making the upgrade? I am always leery with security patches/upgrade that have been recently released. 

https://www.vmware.com/security/advisories/VMSA-2023-0014.html

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-vmware-products-could-allow-for-arbi...

SYSTEMS AFFECTED:

  • VMware - VMware vCenter Server (vCenter Server) versions prior to 8.0 U1b
  • VMware - VMware vCenter Server (vCenter Server) versions prior to 7.0 u3m
  • VMware - VMware Cloud Foundation (vCenter Server) versions prior to 7.0 U3m, 8.0 U1
3 Replies
Kinnison
Commander
Commander

Hi,


I could be wrong but in my opinion it will be quite difficult that you will be able to find an unambiguous answer in the context of a forum. In the end it just depends on your / your company policies for handling information security related matter and consequently how to act and when.


Regards,
Ferdinando

kpubmcc
Contributor
Contributor

Spoiler
really? I would expect that with the release of the vulnerability notice last week, several entities would be early adopters and have already applied the update to 7.0 u3m. I understand that it may take time for bugs to show up for that version, but I am asking for any word on initial stability issues since it has just been released.
Reply
0 Kudos
Kinnison
Commander
Commander

Hi,


I understand your point but what I'm saying it's that individual personal opinions (born of equally personal experiences) are not enough to determine whether or not a product version is suitable to be used in a production context like yours which is certainly different from mine or someone else's. Nothing more nothing less.


Regards,
Ferdinando

Reply
0 Kudos