Date: 2024-08-07

Cayosoft Releases Microsoft Threat Detection for Recently Discovered VMware ESXi Authentication Bypass Vulnerability

August 2024 by Marc Jacob

Cayosoft Inc. announced that its Active Directory threat detection is now able to detect and block the VMware ESXi authentication bypass vulnerability CVE-2024-37085. Actively exploited by ransomware groups, the VMware vulnerability enables threat actors to immediately gain full administrative control of VMware systems by creating Active Directory (AD) groups called "ESX Admins."

Cayosoft’s AD threat detection capabilities function as an ‘identity-centric antivirus’ for Microsoft Active Directory and Entra ID, arming users with continuous and automatic updates to the latest threat definitions from Cayosoft’s security research team. With its latest update, Cayosoft now protects against the VMware authentication bypass exploit by automatically detecting new, renamed and existing "ESX Admins" groups in AD, which could be a sign of compromise. Instant change alerts and automatic rollbacks prevent the attack technique, rendering attackers unable to take advantage of the exploit even on unpatched VMware ESXi hosts. Although VMware issued a patch for the latest version of ESXi, organizations using older versions are still exposed. Cayosoft detects the vulnerability across all versions of VMware ESXi, enabling organizations to secure their VMware infrastructure no matter which version they are using.

Cayosoft threat detection is a capability within Cayosoft Guardian, which is a unified security, monitoring and recovery solution for Microsoft Active Directory, Entra ID, Microsoft 365, and Intune that monitors all directory changes and threats, and rolls back changes instantly and automatically when needed. Key threat detection capabilities include:

Advanced Identity Threat Detection & Response applies threat intelligence, including indicators of exposure (IOEs) and indicators of compromise (IOCs), to uncover advanced attacks.

Real-time monitoring continuously monitors across all Microsoft environments for unwanted changes, suspicious actions and misconfigurations.

Real-time alerts enable instant notification of unwanted changes as well as scheduled reports detailing emerging security threats.

Cayosoft AD threat detection capabilities are available through the Cayosoft Guardian trial, with uninterrupted access continuing after the trial period.