CISA Warns VMWare Products Are Vulnerable To Hacking, Users Must Update Their Systems

JAKARTA - The US cybersecurity watchdog on Wednesday, May 18 ordered federal officials to update or remove many products made by digital services company VMWare Inc. They say hackers are actively using vulnerable versions of the product to break into targeted organizations.

The Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that hackers had managed to reverse engineer the latest updates made to VMWare products and use the know-how to target older versions and hack into unpatched devices.

Affected products include VMware Workspace ONE Access, which is intended to provide one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.

CISA says that unpatched VMWare devices that are still accessible from the internet should be considered compromised.

VMWare, which split from Dell Technologies Inc last year, told customers in a blog post that, "It is critical that you take immediate steps to patch or mitigate this issue in your on-premises deployment."

CISA Director Jen Easterly said in a statement that vulnerabilities in older versions of VMWare products pose an "unacceptable risk to federal network security."

"We also strongly urge every organization — large and small — to follow the lead of the federal government and take similar steps to protect their networks," Easterly said.