Daniel Micanek virtual Blog – Like normal Dan, but virtual.
Carbon Black Senior Technical Marketing Architect Joshua Knox speaks about the risks that containers and Kubernetes introduce to your organization, where to start with security, and how to automate compliance and manage risk at scale without impacting business agility. He answers customers’ […]
vSphere allows assigning GPU devices to a VM using VMware’s (Dynamic) Direct Path I/O technology (Passthru) or NVIDIA’s vGPU technology. The NVIDIA vGPU technology is a core part of the NVIDIA AI Enterprise suite (NVAIE). NVAIE is more than just the vGPU driver. It’s a complete technology stack […]
Converting VirtualBox VDI (Virtual Disk Image) to VMDK for use with ESXi 8.x
If you are converting an Oracle VirtualBox VDI (Virtual Disk Image) to a VMDK for use with VMware ESXi, you might come across the following error: Unsupported or invalid disk type 2 for ‘scsi0:0’. Ensure that the disk has been imported The invalid disk type 2 is typically a giveaway that the VMDK was mostly […]
Will this Arm SoC work with ESXi-Arm?
The number of Arm-based hardware kits has grown significantly in the last couple of years. Today, there are many more options to choose from including different form factors and even hardware from some of the more traditional x86 vendors, which also demonstrates the market opportunity and the demand for Arm-based workloads. Running ESXi-Arm is definitely […]
Holo Toolkit 2.0 Overview
VCF Holodeck Toolkit Overview The VMware Cloud Foundation (VCF) Holodeck Toolkit is designed to provide a scalable, repeatable way to deploy nested Cloud Foundation hands-on environments directly on VMware ESXi hosts. These environments are ideal for multi-team hands on exercises exploring the capabilities of VCF delivering a Customer Managed VMware Cloud. Delivering VCF labs in a nested form
With vSphere 8.0 update 1, VMware has completed their journey to a completely native end-to-end NVMe storage stack. Prior to 8.0U1, there was a SCSI translation layer which added some complexity to the stack and slightly decreased some of the efficiencies inherent in the NVMe protocol.
ONTAP 9.12.1 added support for secure authentication over NVMe/TCP as well as increasing NVMe limits (viewable on the NetApp Hardware Universe [HWU]).
For more info and source blog please check great post How to Configure NVMe/TCP with vSphere 8.0 Update 1 and ONTAP 9.13.1 for VMFS Datastores
Clearing TPM alarms after replacing TPM chip or resetting TPM keys for ESXi
If you have a supported Trusted Platform Module (TPM) device that has been installed in your ESXi host after the initial installation and you either replace the TPM chip and/or you reset the TPM keys within the system BIOS, you may find several TPM alarms that is raised within your vCenter Server including: Host TPM […]
vSphere Tech Sessions at VMware Explore
Breakouts, Tutorials, and Meet-the-Experts With Explore in Las Vegas approaching, and the catalogue now live, I wanted to draw your attention to some of the vSphere-specific technical session we’ll have at the show. Make sure to add them to your favorites after registration to get the latest and most detailed technical information, specific to vSphere and vSphere announcements. Yes, these are
Multiple memory corruption vulnerabilities in VMware vCenter Server were privately reported to VMware.
Please update ASAP – Risk: for network access to vCenter Server.
Advisory ID: VMSA-2023-0014
CVSSv3 Range: 5.9 - 8.1
Issue Date:2023-06-22| Product | CVE Identifier | CVSS v3 | Fixed Ver | Links |
| vCenter Server 8.0 | CVE-2023-20892 CVE-2023-20893 CVE-2023-20894 CVE-2023-20895 | 8.1 | 8.0 U1b | None |
| vCenter Server 8.0 | CVE-2023-20896 | 5.9 | 8.0 U1b | None |
| vCenter Server 7.0 | CVE-2023-20892 CVE-2023-20893 CVE-2023-20894 CVE-2023-20895 | 8.1 | 7.0 U3m | None |
| vCenter Server 7.0 | CVE-2023-20896 | 5.9 | 7.0 U3m | None |
| Cloud Foundation (vCenter Server) 5.x | CVE-2023-20892 CVE-2023-20893 CVE-2023-20894 CVE-2023-20895 | 8.1 | 8.0 U1b | KB88287 |
| Cloud Foundation (vCenter Server) 5.x | CVE-2023-20896 | 5.9 | 8.0 U1b | KB88287 |
| Cloud Foundation (vCenter Server) 4.x | CVE-2023-20892 CVE-2023-20893 CVE-2023-20894 CVE-2023-20895 | 8.1 | 7.0 U3m | KB88287 |
| Cloud Foundation (vCenter Server) 4.x | CVE-2023-20896 | 5.9 | 7.0 U3m | KB88287 |
Description:
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.
Known Attack Vectors:
A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
Description:
The vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.
Known Attack Vectors:
A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
Description:
The vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.
Known Attack Vectors:
A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
Description:
The vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1
Known Attack Vectors:
A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
Description:
The vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.
Known Attack Vectors:
A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
vSphere Virtual TPM (vTPM) Introduction Design and Operation (Slides)
Presentation slides from the vSphere Virtual TPM (vTPM) Introduction, Design, and Operation talk by Bob Plankers