Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called “ESX Admins” in Active Directory and adding an attacker-controlled user account to this group. This manipulation of the Active Directory group takes advantage of a privilege escalation vulnerability (CVE-2024-37085) in ESXi hy... | Microsoft Security Blog
Advisory ID: | Support Portal
Hear directly from the Microsoft Threat Intelligence community as they navigate the evolving threat landscape, uncovering untold stories of APTs, malware, and other weird and cool tools and tactics in the world of cyber threats. | N2K CyberWire