Critical VMware ESXi Vulnerability Exploited by Ransomware Groups
Attackers gain admin control through simple Active Directory group creation, affecting numerous organizations.
- CVE-2024-37085 allows attackers to gain full control of ESXi hypervisors by creating an 'ESX Admins' group in Active Directory.
- Ransomware groups like Black Basta, Akira, and Medusa have used this flaw in post-compromise attacks.
- Microsoft and Broadcom have issued patches, but many systems remain vulnerable.
- Security experts criticize the moderate severity rating assigned to this vulnerability.
- Administrators are urged to patch immediately and review credential hygiene to prevent exploitation.
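The attack pattern the summary describes, an attacker creating a group named 'ESX Admins' in Active Directory so that domain-joined ESXi hosts trust its members as administrators, leaves a distinctive trace in domain controller audit logs. The Python below is an added detection example, not code from the article or from Microsoft or Broadcom: it scans a batch of Windows Security events for creation of, or membership changes to, any group with that name. The event records are constructed for the demonstration, and the event IDs it keys on (4727/4731 for security-enabled group creation, 4728/4732 for member additions) are standard Windows Security audit IDs, not values taken from the page.

```python
"""Flag Active Directory group events matching the CVE-2024-37085 abuse pattern.

Added example with constructed data. The event dictionaries below imitate the
fields of Windows Security audit events (EventID, SubjectUserName,
TargetUserName, MemberName); the account and group values are made up.
"""
from dataclasses import dataclass
import re

# Standard Windows Security log IDs for security-enabled group creation and
# member addition, global and domain-local scopes. Which of these an
# environment actually emits depends on its audit policy.
GROUP_CREATED = {4727, 4731}
MEMBER_ADDED = {4728, 4732}

# ESXi resolves the admin group by name, so match on the name and be
# tolerant of case differences and stray whitespace an attacker might add.
ESX_ADMINS = re.compile(r"^\s*esx admins\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Alert:
    event_id: int
    group: str
    actor: str
    detail: str


def is_esx_admins(name: str) -> bool:
    """True when a group name is 'ESX Admins' modulo case and whitespace."""
    return bool(ESX_ADMINS.match(name or ""))


def scan_events(events):
    """Return one Alert per group-creation or member-add event on 'ESX Admins'."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        group = ev.get("TargetUserName", "")
        actor = ev.get("SubjectUserName", "")
        if eid in GROUP_CREATED and is_esx_admins(group):
            alerts.append(Alert(eid, group.strip(), actor, "group created"))
        elif eid in MEMBER_ADDED and is_esx_admins(group):
            member = ev.get("MemberName", "")
            alerts.append(Alert(eid, group.strip(), actor, f"member added: {member}"))
    return alerts


# Constructed sample events: one benign group creation, one 'ESX Admins'
# creation followed by a member add, a lower-case variant with trailing
# space, and a logon event (4624) that must not be matched.
SAMPLE_EVENTS = [
    {"EventID": 4727, "SubjectUserName": "jdoe", "TargetUserName": "Finance Users",
     "TargetDomainName": "CORP"},
    {"EventID": 4727, "SubjectUserName": "svc_backup", "TargetUserName": "ESX Admins",
     "TargetDomainName": "CORP"},
    {"EventID": 4728, "SubjectUserName": "svc_backup", "TargetUserName": "ESX Admins",
     "MemberName": "CN=svc_backup,CN=Users,DC=corp,DC=example"},
    {"EventID": 4731, "SubjectUserName": "jdoe", "TargetUserName": "esx admins ",
     "TargetDomainName": "CORP"},
    {"EventID": 4624, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins"},
]

if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(f"[{alert.event_id}] {alert.detail} | group={alert.group!r} actor={alert.actor}")
```

Running it against the constructed events yields three alerts (the two 'ESX Admins' creations and the member addition) and ignores the unrelated group and the logon event. In a SIEM the same logic becomes a rule on the group-creation and member-add event IDs with a case-insensitive name match; the Broadcom patch remains the fix, and this detection is a complement for hosts not yet updated.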