VMware vCenter Server VMSA-2024-0012 Critical Patch Update Steps

In case you haven’t heard as of yet, there is a new critical VMware vCenter Server critical patch advisory to be aware of that will require patching your vCenter Server. I have gone through the steps to patch vCenter Server so I can show you guys the effort and steps involved to get your VCSA appliance patched for the vulnerabilities. Let’s first look at the VMware vCenter Server critical patch VMSA-2024-0012 and what CVEs it contains and then the steps to apply the needed patch.

CVE-2024-37079, CVE-2024-37080, CVE-2024-37081

Let’s look at the CVEs contained in this VMware security advisory. These include:

• CVE-2024-37079 & CVE-2024-37080 – Multiple heap overflow vulnerabilities with the DCERPC protocol. The severity of this vulnerability has the maximum CVSSv3 base score of 9.8. An attacker with only network access to the vCenter Server may trigger this vulnerability with a special network packet that could lead to remote code execution.
• CVE-2024-37081 – This vulnerability is the local privilege escalation vulnerability due to the misconfiguration of sudo. The maximum CVSSv3 base score for this vulnerability is 7.8.

Here are the affected versions of vCenter Server and VMware Cloud Foundation found in the official documentation for the vulnerabilities here: Support Content Notification – Support Portal – Broadcom support portal.

Impacted Product Suites that Deploy Response Matrix 3a and 3b Components:

Before upgrading vCenter Server

Before you upgrade vCenter Server, there are a few things to keep in mind and other things you will want to pause or quiesce, such as:

• Backup solutions that are pointed to your vCenter Server. Let these finish their current backups and then pause them.
• Monitoring solutions can either be paused or realize you will get some extra noise once services are restarted on vCenter Server.
• Take a snapshot of the vCenter Server appliance virtual machine.

VMSA-2024-0012 Patch Steps

Let’s look at the following VMSA-2024-0012 patch steps for patching vCenter Server against this vulnerability.

First, log into the host that “owns” the vCenter virtual appliance and take a snapshot of the VCSA virtual machine.

Now, log into the VAMI interface which is found at port 5480. Once logged in, navigate in the vCenter appliance to Update and then click the Check Updates button. Choose CDROM + URL. It will retrieve the available patches for your vCenter Server appliance. Once you choose the latest update for this VMSA, which is dated June 12, 2024 for vCenter Server 8.x. Click the Stage and Install button.

This will launch the end user license agreement. Place a check in the I accept the terms of the license agreement checkbox and click Next.

The update process will run prechecks on the vCenter Server appliance.

Make a note of the vCenter Server pre-update check results. Here I have a couple of warnings but nothing to prevent the installation of the patch. Press Ignore and Continue to move forward.

You can choose whether or not you want to join the customer experience improvement program. Make your selection and click Next.

You will get prompted to back up vCenter Server. It will look for file-level backups to be running. However, since we have taken a snapshot, I clicked Finish.

The update process begins.

After several minutes the installation of the vCenter Server patch completes successfully.

In the Summary screen after logging back into the VAMI interface, we can see the current version of the vCenter Server appliance to verify the installation incremented the version.

Next steps

There are a few next steps once we have vCenter Server upgraded. My recommendation here is to leave the snapshot on for a while to verify things in your environment are still working as expected. Also, do the following:

• Reenable your backups
• Reenable monitoring solutions
• After a day or so and everything looks ok, delete the snapshot on your vCenter Server appliance

Wrapping up

The new VMware vCenter Server VMSA-2024-0012 critical patch is one that you want to get installed as soon as possible due to the severity of the vulnerability. As outlined, the process to patch vCenter isn’t too difficult using some common sense and having a snapshot on your vCenter Server appliance. Keep the other solutions in mind that tie in with vCenter Server to make sure these are properly paused or you understand the fallout once vCenter Server services are restarted.