If you run VMware’s Workspace ONE Unified Endpoint Management (UEM) product, you need to pay attention to security advisory VMSA-2021-0029, which is tied to CVE-2021-22054. In short, VMware’s advisory doesn’t say a lot other than this:
A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information.
This rates as a 9.1 out of 10 which is pretty bad. Or put another way, you need to immediately drop what you’re doing and patch everything related to Workspace ONE immediately. VMware has made the patches available here. After you install the patches, you need to do the following:
- You need to edit the products
web.config file with seven lines of code. - Reboot IIS
Here’s the thing. VMware points out, you’ll need to make those changes on “every single Windows server that has the UEM Console application installed in the environment.” And take it from me, large companies often don’t know what servers they have out there. Which makes this a very good time for companies to find out what they have out there if they run Workspace ONE.
Now I’ve done a couple of these these weekend for clients and I have about five more scheduled. Wish me luck and happy patching.
Like this:
Like Loading...
Related
This entry was posted on December 19, 2021 at 9:00 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
VMware Workspace ONE Security Issue Sends Customers Scrambling To Patch Everything
If you run VMware’s Workspace ONE Unified Endpoint Management (UEM) product, you need to pay attention to security advisory VMSA-2021-0029, which is tied to CVE-2021-22054. In short, VMware’s advisory doesn’t say a lot other than this:
A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information.
This rates as a 9.1 out of 10 which is pretty bad. Or put another way, you need to immediately drop what you’re doing and patch everything related to Workspace ONE immediately. VMware has made the patches available here. After you install the patches, you need to do the following:
web.configfile with seven lines of code.Here’s the thing. VMware points out, you’ll need to make those changes on “every single Windows server that has the UEM Console application installed in the environment.” And take it from me, large companies often don’t know what servers they have out there. Which makes this a very good time for companies to find out what they have out there if they run Workspace ONE.
Now I’ve done a couple of these these weekend for clients and I have about five more scheduled. Wish me luck and happy patching.
Share this:
Like this:
Related
This entry was posted on December 19, 2021 at 9:00 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.