<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
margin-top:0in;
margin-right:31.7pt;
margin-bottom:0in;
margin-left:0in;
text-autospace:none;
font-size:11.0pt;
font-family:"Franklin Gothic Book",sans-serif;}
span.normaltextrun
{mso-style-name:normaltextrun;}
span.contextualspellingandgrammarerror
{mso-style-name:contextualspellingandgrammarerror;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:19821386;
mso-list-type:hybrid;
mso-list-template-ids:-1142795506 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNoSpacing">The Cybersecurity and Infrastructure Security Agency (CISA) issued
<a href="https://www.cisa.gov/emergency-directive-22-03"><i>Emergency Directive 22-03 (ED 22-03) Mitigate VMware Vulnerabilities</i></a> today requiring federal civilian executive branch agencies running specific VMware products to apply VMware updates or remove
the products from agency networks until the update can be applied. <o:p></o:p></p>
<p class="MsoNoSpacing"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNoSpacing">Although ED 22-03 is only directed to federal agencies, <i>
CISA encourages public and private sector organizations </i>to review it, along with our cybersecurity advisory, and take steps to mitigate these vulnerabilities before they can be exploited by malicious cyber actors.
<o:p></o:p></p>
<p class="MsoNoSpacing"><o:p> </o:p></p>
<p class="MsoNoSpacing"><span class="normaltextrun"><span style="color:#030303">The emergency directive is in response to observed or expected active exploitation of a series of vulnerabilities (CVE 2022-22954, CVE 2022-22960, CVE-2022-22972, CVE-2022-22973)
in the following VMware products: <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level2 lfo2">
<![if !supportLists]><span class="normaltextrun"><span style="font-family:"Courier New";color:#030303"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">
</span></span></span></span><![endif]><span class="normaltextrun"><span style="color:#030303">VMware Workspace ONE Access (Access),
<o:p></o:p></span></span></p>
<p class="MsoNoSpacing" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level2 lfo2">
<![if !supportLists]><span class="normaltextrun"><span style="font-family:"Courier New";color:#030303"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">
</span></span></span></span><![endif]><span class="normaltextrun"><span style="color:#030303">VMware Identity Manager (vIDM),
<o:p></o:p></span></span></p>
<p class="MsoNoSpacing" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level2 lfo2">
<![if !supportLists]><span class="normaltextrun"><span style="font-family:"Courier New";color:#030303"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">
</span></span></span></span><![endif]><span class="normaltextrun"><span style="color:#030303">VMware vRealize Automation (vRA),
<o:p></o:p></span></span></p>
<p class="MsoNoSpacing" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level2 lfo2">
<![if !supportLists]><span class="normaltextrun"><span style="font-family:"Courier New";color:#030303"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">
</span></span></span></span><![endif]><span class="normaltextrun"><span style="color:#030303">VMware Cloud Foundation,
<o:p></o:p></span></span></p>
<p class="MsoNoSpacing" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level2 lfo2">
<![if !supportLists]><span class="normaltextrun"><span style="font-family:"Courier New";color:#030303"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">
</span></span></span></span><![endif]><span class="normaltextrun"><span style="color:#030303">vRealize Suite Lifecycle Manager (impacted VMware products).
<o:p></o:p></span></span></p>
<span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#030303;mso-fareast-language:EN-US"><br clear="all" style="page-break-before:always">
</span></span>
<p class="MsoNoSpacing"><span class="normaltextrun"><span style="color:#030303"><o:p> </o:p></span></span></p>
<p class="MsoNoSpacing"><span class="normaltextrun"><span style="color:#030303">Successful exploitation one of the four vulnerabilities permits attackers to execute remote code on a system without authentication and elevate privileges.
</span></span><span class="contextualspellingandgrammarerror"><o:p></o:p></span></p>
<p class="MsoNoSpacing"><span class="contextualspellingandgrammarerror"><o:p> </o:p></span></p>
<p class="MsoNoSpacing">In addition to ED 22-03, CISA also published a cybersecurity advisory,
<a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-138b"><i>Threat Actors Chaining VMware Vulnerabilities for Full System Control</i></a><i>,</i> with additional details on the exploitation of CVE-2022-22954 and CVE-2022-22960, detection methods, incident
response recommendations, and mitigation guidance. VMware released updates for CVE-2022-22954 and CVE-2022-22960 on April 6, 2022, and, according to a trusted third party, malicious cyber actors were able to reverse engineer the updates to develop an exploit
within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices.
<o:p></o:p></p>
<p class="MsoNoSpacing"><o:p> </o:p></p>
<p class="MsoNoSpacing">Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same affected impacted VMware products. This CSA provides
IOCs and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to exploitation of CVE-2022-22954 and CVE-2022-22960.<o:p></o:p></p>
<p class="MsoNoSpacing"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Franklin Gothic Book",sans-serif">CISA is posting information about ED 22-03 and CSA on our social media platforms. We appreciate you sharing this information and/or amplifying our social media with your community
of followers.<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image002.png@01D86AB0.2D4F7500"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>