Cayosoft Inc., the leader in hybrid Microsoft Active Directory management, monitoring and recovery, today announced that its Active Directory threat detection is now able to detect and block the VMware ESXi authentication bypass vulnerability CVE-2024-37085. Actively exploited by ransomware groups, the VMware vulnerability enables threat actors to immediately gain full administrative control of VMware systems by creating Active Directory (AD) groups called “ESX Admins.”

Cayosoft’s AD threat detection capabilities function as an ‘identity-centric antivirus’ for Microsoft Active Directory and Entra ID, arming users with continuous and automatic updates to the latest threat definitions from Cayosoft’s security research team. With its latest update, Cayosoft now protects against the VMware authentication bypass exploit by automatically detecting new, renamed and existing “ESX Admins” groups in AD, which could be a sign of compromise. Instant change alerts and automatic rollbacks prevent the attack technique, rendering attackers unable to take advantage of the exploit even for unpatched ESXi VMware hosts. Although VMware issued a patch for the latest version of ESXi, organizations using older versions are still exposed. Cayosoft detects the vulnerability across all versions of VMware ESXi, enabling organizations to secure their VMware infrastructure no matter which version they are using.

“The threat landscape is ever-changing with new vulnerabilities emerging constantly; we offer threat detection that enables every organization to identify threats, respond quickly and protect their Microsoft investments,” said Robert Bobel, founder and CEO, Cayosoft. “Our security research team continuously updates Cayosoft threat definitions to make sure our customers have full, automated and immediate protection against the latest exploits.”

Cayosoft threat detection is a capability within Cayosoft Guardian, which is a unified security, monitoring and recovery solution for Microsoft Active Directory, Entra ID, Microsoft 365, and Intune that monitors all directory changes and threats, and rolls back changes instantly and automatically when needed. Key threat detection capabilities include:

  • Advanced Identity Threat Detection & Response applies threat intelligence, including indicators of exposure (IOEs) and indicators of compromise (IOCs), to uncover advanced attacks.
  • Real-time monitoring continuously monitors across all Microsoft environments for unwanted changes, suspicious actions and misconfigurations.
  • Real-time alerts enable instant notification of unwanted changes as well as scheduled reports detailing emerging security threats.

Cayosoft AD threat detection capabilities are available through the Cayosoft Guardian trial, with uninterrupted access continuing after the trial period. Sign up today and visit the Cayosoft blog for a step-by-step guide to securing your VMware systems against the ESXi CVE-2024-37085 vulnerability.

About Cayosoft

Cayosoft delivers the only unified solution enabling organizations to securely manage, continuously monitor for threats or suspect changes, and instantly recover their Microsoft platforms, including on-premises Active Directory, hybrid AD, Entra ID (formerly Azure AD), Office 365, and more.

Unlike legacy solutions, Cayosoft builds with hybrid, cloud, and mobile users in mind, fully supporting an organization throughout its IT cloud journey. Manage by offering roles, rules, and automations for Active Directory user governance. Monitor for critical changes, risks, vulnerabilities, and threats that could compromise operations. Lastly, recover from simple objects up to multiple forests. Cayosoft is the only vendor offering instant forest recovery and delivering AD forest recovery in minutes vs. multiple hours, days, even weeks with traditional methods.

To learn more, visit cayosoft.com and be sure to follow @cayosoft on LinkedIn, X/Twitter, and Facebook.

Media Contact:
Doug De Orchis
cayosoft@scratchmm.com
Scratch Marketing + Media for Cayosoft