
Monthly Archives: February 2013

CIS and DISA CP&C toolkit update

Hi All,

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of the latest Center for Internet Security (CIS) and Defense Information Security Agency (DISA) Compliance toolkit packages for VMware vCenter Configuration Manager (VCM).

The highlights of this release are as below:

  1. CIS has new content for
    • AIX 5.3-6.1 and
    • RHEL 6
  2. DISA has new content for
    • HP-UX 11.23 and 11.31
    • Solaris 10
    • AIX 6.1 and
    • RHEL 5


Patch Tuesday Overview – February 2013

For this month’s Patch Tuesday, Microsoft released 12 bulletins, of which five were rated Critical and seven Important, addressing a total of 57 vulnerabilities across Internet Explorer, .NET Framework, Office, Windows and Exchange Server.

For those who need to prioritize deployments, there are 3 security bulletins that will need to be addressed right away.

MS13-009 addresses 13 issues across all supported versions of Internet Explorer and MS13-010 addresses issues in the Vector Markup Language (VML) which is used by all versions of Internet Explorer. Both of these issues could allow Remote Code Execution if a user viewed a specially crafted webpage using Internet Explorer.

MS13-020 affecting Windows XP resolves an issue in Microsoft Windows Object Linking and Embedding (OLE) Automation which could allow Remote Code Execution if a user opens a malicious RTF file with an embedded ActiveX control in either Word or WordPad.

In addition to the above-mentioned bulletins, for the second time in less than a week, both Microsoft and Adobe released Critical-class bulletins (KB2805940 and APSB13-05) to update Flash Players. These updates address at least 16 distinct vulnerabilities, including buffer overflow and use-after-free vulnerabilities that could lead to Code Execution.

All the above-mentioned bulletins are now available for deployment via VMware vCenter Configuration Manager (VCM).

Aravind Kolipakkam
Sr. Member of Technical Staff, VMware Center for Policy & Compliance

VMware CP&C releases VMware vSphere 5.0 Hardening Guide Dec 2012 (v1.2) Compliance toolkit in VCM!

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the release of the VMware vSphere 5.0 Hardening Guide Dec 2012 (v1.2) Compliance toolkit in VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops).

The highlights of this release are as below:

  1. The package is aligned with the latest version of the VMware vSphere 5.0 Hardening Guide, i.e. v1.2, released in Dec 2012
  2. The package now comes in 4 versions:
    • Full – Has all recommendations present in the hardening guide
    • Profile 1 – Has only Profile 1 recommendations
    • Profile 2 – Has only Profile 2 recommendations
    • Profile 3 – Has only Profile 3 recommendations


vSphere 5.1 Hardening Guide **DRAFT** now available

Hello? Is this thing on?

A brief intro for those that don’t know me and my new role. My name is Mike Foley. I’m a Sr. Technical Marketing Manager, working for Charu Chaubal in VMware’s Technical Marketing group. My primary role is that of technical marketing support for security of the core vSphere platform. I come from RSA, where I was their virtualization evangelist/go-to guy for many years. My personal blog is at http://yelof.com and I’m on Twitter as @mikefoley.

I would like to announce the **draft** release of the vSphere 5.1 Security Hardening Guide.  This initial draft release has taken the 5.0 guide and updated it for 5.1. What it does NOT contain at this time is a complete review of functionality around the new 5.1 SSO capabilities. We are working on those parts and hope to have an updated draft very soon.

We’d love to hear your feedback, good and bad, on the contents of the guide. I would encourage you to post your reply in the Security and Compliance Communities forum but if you have more sensitive concerns, send it to me at mfoley@vmware.com.

The vSphere 5.1 Security Hardening Guide has been posted to the VMware Communities in the “Security and Compliance” area, in the Documents tab.  Thanks to everyone who provided feedback on the Public Draft, and also to the team at VMware who contributed to this guide in many significant ways.

mike foley