CISA emergency directive orders agencies to patch VMware products with vulnerabilities

A new emergency directive from the Cybersecurity and Infrastructure Security Agency identifies vulnerabilities in specific VMware products and orders federal agencies to implement mitigations.

“The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 22-03 today requiring federal civilian executive branch agencies running specific VMware products to apply VMware updates or remove the products from agency networks until the update can be applied. For all affected VMware products identified as being accessible from the internet, agencies are directed...