US directs federal agencies to update or remove certain VMware products from networks


WASHINGTON, May 18 (Reuters) – The U.S. cybersecurity watchdog on Wednesday ordered federal authorities to update or remove a series of products made by digital services company VMware Inc (VMW.N), saying that hackers were actively using vulnerable versions of the products to break into targeted organizations.

The Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that hackers had successfully reverse-engineered recent updates to VMware products and were using that knowledge to target older versions and hack unpatched devices.

Affected products include VMware Workspace ONE Access, which is intended to provide centralized access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.

CISA said any unpatched VMware device still accessible from the Internet should be assumed to be compromised.

VMware, which parted ways with Dell Technologies Inc (DELL.N) last year, told its customers in a blog post, “It is extremely important that you take prompt action to correct or mitigate these issues in on-site deployments.”

CISA Director Jen Easterly said in a statement that vulnerabilities in older versions of VMware products pose “an unacceptable risk to the security of the federal network.”

“We also strongly urge all organizations — large and small — to follow the lead of the federal government and take similar steps to protect their networks,” she said.

Reporting by Raphael Satter; Editing by Jonathan Oatis and Richard Pullin
