VMware posts updates for security flaws

VMware his issued a security update to address denial of service flaws in its vSphere and ESX platforms.

The company said that the update would address a flaw in the vSphere API which. If exploited, would allow an attacker to perform a denial of service attack capable of disabling the target server.

According to VMware, the flaw exists in the way vSphere handles API requests. By sending a specially crafted API request to the targeted server, the attacker would be able to cause the system to crash.

The company said that the flaw exists in both its ESX and ESXi offerings.

In addition to the security patch, the company is releasing security updates for a number of open source components used by the ESX Service Console.

VMware is advising administrators to update both ESX and ESXi in order to protect against the vulnerability.

Eric Chiu, president and founder of virtualisation security firm HyTrust, said that as virtualised deployments become more common, keeping hypervisor and virtualisation platforms patched and secured has become a growing concern for enterprises.

"This really shows how vulnerabilities can be exploited, and how important it is to secure today's virtualisation and cloud environments," Chiu said.

"After all, this is the new 'OS' of the datacenter and provides access to the virtual machines, the virtual network and mission critical enterprise applications, and the virtualised storage resources as well."