TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

A critical vulnerability (CVE-2024-37079) in VMware vCenter Server is being actively exploited, over a year after Broadcom released a patch in June 2024. The flaw, rated 9.8/10 CVSS, is an out-of-bounds write bug in the DCERPC protocol implementation that allows remote code execution via specially crafted network packets. CISA added it to the Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by February 13. Security researchers note that virtualization infrastructure is a prime target for both state-sponsored and financially motivated attackers, with previous vCenter vulnerabilities exploited by China-nexus threat groups.

Critical VMware vCenter Server bug under attack