Today, Nov. 4, 2012, our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012. (For reference: April 24, 2012 and May 3, 2012). It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.
Ensuring customer security is our top priority. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment. We also recommend customers review our security hardening guides. By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected.
As is our practice, VMware will continue to assess any further security risks, and will provide recommendations and updates here as appropriate.
Note: We encourage customers to view the May 3, 2012 security patch information as a resource: http://kb.vmware.com/kb/2019941 and http://www.vmware.com/security/advisories/VMSA-2012-0009.html