Saying the end of this year has been busy is the understatement of the year. The log4j vulnerbilities hit an extreme amount of products from various vendors across most enterprises. I have applied workarounds to nine VMware products to remediate Log4Shell. It has seemed almost neverending with new vulnerabilities related to log4j being discovered as the past couple of weeks have unfolded. It was nice when VMware offered scripts to do most of the work. I am happy that ESXi was not affected.
Make sure to apply the workaround to your NSX Intelligence Appliance. I think it’s an easy one to forget about. Also, KB87150 for this workaround has a small typo in step 6. Easy to miss it when copying and pasting. Will get an error message; command not found. Below is the correct syntax. I reported the typo so, hopefully, it will be fixed soon.
Step 6: dpkg -i zip_3.0-12_amd64.deb
I am glad to be a part of the vExpert program for the past four years. I have gotten a lot out of it from discussions on the private vExpert Slack to licenses for nearly every VMware product. The program has expanded every year I have been a part of it and I am excited to see what’s in store for next year.