If you run VMware’s Workspace ONE Unified Endpoint Management (UEM) product, you need to pay attention to security advisory VMSA-2021-0029, which is tied to CVE-2021-22054. In short, VMware’s advisory doesn’t say a lot other than this:
A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information.
This rates as a 9.1 out of 10 which is pretty bad. Or put another way, you need to immediately drop what you’re doing and patch everything related to Workspace ONE immediately. VMware has made the patches available here. After you install the patches, you need to do the following:
- You need to edit the products
web.configfile with seven lines of code. - Reboot IIS
Here’s the thing. VMware points out, you’ll need to make those changes on “every single Windows server that has the UEM Console application installed in the environment.” And take it from me, large companies often don’t know what servers they have out there. Which makes this a very good time for companies to find out what they have out there if they run Workspace ONE.
Now I’ve done a couple of these these weekend for clients and I have about five more scheduled. Wish me luck and happy patching.