VMware is aware of suggestions that the recent defacement of the OpenSSL Foundation website (http://www.openssl.org/news/secadv_hack.txt) may be as a result of a hypervisor compromise.

The VMware Security Response Center has actively investigated this incident with both the OpenSSL Foundation and their Hosting Provider in order to understand whether VMware products are implicated and whether VMware needs to take any action to ensure customer safety.

We have no reason to believe that the OpenSSL website defacement is a result of a security vulnerability in any VMware products and that the defacement is a result of an operational security error.

VMware recommends the use of vCloud Director in deployment scenarios that require secure Internet facing access to Virtual Center and ESXi. In the event that Virtual Center is directly Internet facing VMware recommends customers remain current with patches and updates and that they follow the best practices in the vSphere Security Hardening guides https://www.vmware.com/support/support-resources/hardening-guides.html.

Updated: January 3, 2014

OpenSSL updated their advisory at¬†http://www.openssl.org/news/secadv_hack.txt to confirm that their understanding of the cause of this incident is the same as VMware’s. The VMware Security Response Center would like to thank their colleagues in the OpenSSL Security Team for their timely collaboration in understanding this incident further.