Cayosoft Releases Microsoft Threat Detection for Recently Discovered VMware ESXi Authentication Bypass Vulnerability
7 August 2024 - 8:00AM
Cayosoft Inc., the leader in hybrid Microsoft Active Directory
management, monitoring and recovery, today announced that its
Active Directory threat detection is now able to detect and block
the VMware ESXi authentication bypass vulnerability CVE-2024-37085.
Actively exploited by ransomware groups, the VMware vulnerability
enables threat actors to immediately gain full administrative
control of VMware systems by creating Active Directory (AD) groups
called “ESX Admins.”
Cayosoft’s AD threat detection capabilities
function as an ‘identity-centric antivirus’ for Microsoft Active
Directory and Entra ID, arming users with continuous and automatic
updates to the latest threat definitions from Cayosoft’s security
research team. With its latest update, Cayosoft now protects
against the VMware authentication bypass exploit by automatically
detecting new, renamed and existing “ESX Admins” groups in AD,
which could be a sign of compromise. Instant change alerts and
automatic rollbacks prevent the attack technique, rendering
attackers unable to take advantage of the exploit even for
unpatched ESXi VMware hosts. Although VMware issued a patch for the
latest version of ESXi, organizations using older versions are
still exposed. Cayosoft detects the vulnerability across all
versions of VMware ESXi, enabling organizations to secure their
VMware infrastructure no matter which version they are using.
“The threat landscape is ever-changing with new
vulnerabilities emerging constantly; we offer threat detection that
enables every organization to identify threats, respond quickly and
protect their Microsoft investments,” said Robert Bobel, founder
and CEO, Cayosoft. “Our security research team continuously updates
Cayosoft threat definitions to make sure our customers have full,
automated and immediate protection against the latest
exploits.”
Cayosoft threat detection is a capability within
Cayosoft Guardian, which is a unified security, monitoring and
recovery solution for Microsoft Active Directory, Entra ID,
Microsoft 365, and Intune that monitors all directory changes and
threats, and rolls back changes instantly and automatically when
needed. Key threat detection capabilities include:
- Advanced Identity Threat Detection &
Response applies threat intelligence, including indicators
of exposure (IOEs) and indicators of compromise (IOCs) to uncover
advanced attacks.
- Real-time monitoring continuously monitors
across all Microsoft environments for unwanted changes, suspicious
actions and misconfigurations.
- Real-time alerts enable instant notification
of unwanted changes as well as scheduled reports detailing emerging
security threats.
Cayosoft AD threat detection capabilities are
available through the Cayosoft Guardian trial, with uninterrupted
access continuing after the trial period. Sign up today and visit
the Cayosoft blog for a step-by-step guide to securing your VMware
systems against the ESXi CVE-2024-37085 vulnerability.
About Cayosoft
Cayosoft delivers
the only unified solution enabling organizations to securely
manage, continuously monitor for threats or suspect changes, and
instantly recover their Microsoft platforms, including on-premises
Active Directory, hybrid AD, Entra ID (formerly Azure AD), Office
365, and more.
Unlike legacy solutions, Cayosoft builds with
hybrid, cloud, and mobile users in mind, fully supporting an
organization throughout its IT cloud journey. Manage by offering
roles, rules, and automations for Active Directory user governance.
Monitor for critical changes, risks, vulnerabilities, and threats
that could compromise operations. Lastly, recover from simple
objects up to multiple forests. Cayosoft is the only vendor
offering instant forest recovery and delivering AD forest recovery
in minutes vs. multiple hours, days, even weeks with traditional
methods.
To learn more, visit cayosoft.com and be sure to
follow @cayosoft on LinkedIn, X/Twitter, and Facebook.
Media Contact:
Doug De Orchis
cayosoft@scratchmm.com
Scratch Marketing + Media for Cayosoft