Home > Blogs > VMware Security & Compliance Blog > Monthly Archives: June 2015

Monthly Archives: June 2015

VMware CP&C releases Blocker for ‘Get Windows 10’ Application

CPC-LogoThe VMware Center for Policy & Compliance (CP&C) team is pleased to announce the release of a compliance toolkit for blocking the ‘Get Windows 10’ application on all applicable machines.

Microsoft is set to release Windows 10 on July 29th, and will also be available as a free upgrade for applicable systems via the ‘Get Windows 10’ application. In the Enterprise environment, it is important to maintain control over your devices, and the ‘Get Windows 10’ application can cause quite a stir in the corporate environment. There is however relief for those Administrators who wish to smite the application from their environment to ensure that there are no unplanned upgrades.

The “Blocker for ‘Get Windows 10’ application” compliance template in VMware vRealize Configuration Manager (VCM) provides an option to quickly check and enforce remediation to prevent any unplanned upgrade of Windows. The enforcement checks and creates an registry key if needed, and then an registry value to disable the GWX application, which provides an option to upgrade the existing version of Windows.

Block-Win10

VMware vRealize Configuration Manager is not limited to compliance. This solution supports configuration and compliance assessment of your Docker containers, *NIX, Windows and Virtual environments along with patching, change management and various other asset management and reporting capabilities. It also support other regulatory and industry accepted security benchmarks and guidelines such as HIPAA, PCIDSS, DISA, CIS, IRS, SOX, etc. If you have any questions about this solution, please post them here.

Thanks and Regards,
Aravind Kolipakkam
CISSP | CCSK | ITIL | MCSE | Security+

VMware CP&C releases PCI DSS 3.1 Compliance toolkit in VCM for VMware vSphere 6.0 and other platforms!

CPC LogoThe VMware Center for Policy & Compliance (CP&C) team is pleased to announce the release of PCI DSS 3.1 compliance toolkits for VMware vSphere 6.0 and other platforms – Windows, *NIX, and VMware vSphere 5.5, 5.1 and 5.0 in VMware vCenter Configuration Manager (VCM). The toolkits consists of automated compliance rules to assess your environment against PCI DSS 3.1 requirements.

PCI Security Standards Council (PCI SSC) council quickly updated the standards from 3.0 to 3.1 in wake of SSL vulnerability on 15 Apr 2015. As per the announcement by the PCI council, the revision includes minor updates and clarifications, and addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk. PCI DSS Version 3.1 is effective immediately following the publication, 15 Apr 2015. PCI DSS Version 3.0 will be retired on 30 June 2015.

Continue reading

VMware CP&C releases VMware vSphere 6.0 Hardening Guide Compliance toolkit in VCM!

CPC LogoThe VMware Center for Policy & Compliance (CP&C) team is pleased to announce the release of VMware vSphere 6.0 Hardening Guide Compliance toolkit in VMware vCenter Configuration Manager (VCM). The toolkit consists of automated compliance rules to assess your VMware vSphere 6 based virtualized environments against the hardening guide. It covers 100% of the hardening guide recommendations.

The hardening guide has three risk profiles that group the recommendations based on the sensitivity of your environment. You can pick the compliance toolkits for respective risk profile or get all the rules at once and then make modifications to suit your sensitivity category.

Continue reading

New VMware Security Advisory VMSA-2015-0004

Today VMware has released the following new security advisory:

VMSA-2015-0004

VMware Workstation, Fusion and Horizon View Client updates address critical security issues – CVE-2012-0897, CVE-2015-2336, CVE-2015-2337, CVE-2015-2338, CVE-2015-2339, CVE-2015-2340, CVE-2015-2341.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

Edward Hawkins
————————
Sr. Program Manager – VMware Security Response Center