VMware USB Vulnerability

You guessed it right, another ESXi vulnerability has been announced, and this time VMs with USB attachments are affected. Luckily there are options: you can remove the virtual USB device from every VM (this may require a VM shutdown to apply), or you can simply upgrade your ESXi hosts to a newer version where this vulnerability has already been resolved.

If you want to identify how many and which VMs are currently affected in your environment, you can simply run the script below, which generates the list for you automatically. My normal recommendation is to upgrade your hosts; however, 3 of the 5 fixed versions were just released a day ago, so that could be a bit risky. If you are running 6.7 or 7.0 U3, I would definitely recommend upgrading to the fixed version of ESXi though.

PowerCLI script to identify VMs with virtual USB controllers attached to them:

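# Requires an existing session to vCenter or the ESXi host (Connect-VIServer).
$VMs = Get-VM

# Device type names of the virtual USB controllers, written as a regex alternation.
$USBHardware = "VirtualUSBController|VirtualUSBXHCIController"
foreach ($VM in $VMs) {
    # Get the vSphere API view of the VM to reach its virtual hardware list.
    $VMview = $VM | Get-View

    # Report every device whose type name matches one of the USB controller types.
    $VMview.Config.Hardware.Device | Where-Object {$_.GetType().Name -match $USBHardware} | Foreach-Object {
        $devname = $_.GetType().Name
        Write-Host "$VM`: VM has a $devname device." -ForegroundColor Yellow
    }
}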
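
For larger environments, the following variant of the same check returns objects instead of console text and adds the ESXi version and build of the host each VM runs on, so the list can be compared against the fixed versions in the advisory. It is an added example, not part of the original post; it assumes PowerCLI is loaded and Connect-VIServer has already been run, and the function name and CSV file name are hypothetical.

```powershell
# Added example; assumes PowerCLI is loaded and Connect-VIServer has already been run.
# Get-UsbControllerInventory and the CSV file name are hypothetical names.
function Get-UsbControllerInventory {
    $usbControllerTypes = 'VirtualUSBController', 'VirtualUSBXHCIController'

    # Fetch only the needed properties; avoids one Get-VM | Get-View round trip per VM.
    $vmViews = Get-View -ViewType VirtualMachine -Property Name, Runtime.PowerState,
        Runtime.Host, Config.Template, Config.Hardware.Device

    $hostCache = @{}   # host MoRef value -> HostSystem view, so each host is queried once

    foreach ($vm in $vmViews) {
        # Config is empty for inaccessible or orphaned VMs; nothing to inspect there.
        if (-not $vm.Config) { continue }

        $devices = @($vm.Config.Hardware.Device)
        $controllers = @($devices | Where-Object { $_.GetType().Name -in $usbControllerTypes })
        if ($controllers.Count -eq 0) { continue }

        # VirtualUSB entries are USB devices actually attached through a controller.
        $attached = @($devices | Where-Object { $_.GetType().Name -eq 'VirtualUSB' })

        $hostRef = $vm.Runtime.Host
        if (-not $hostCache.ContainsKey($hostRef.Value)) {
            $hostCache[$hostRef.Value] = Get-View -Id $hostRef -Property Name, Config.Product
        }
        $esx = $hostCache[$hostRef.Value]

        [PSCustomObject]@{
            VM              = $vm.Name
            Template        = [bool]$vm.Config.Template
            PowerState      = $vm.Runtime.PowerState
            UsbControllers  = ($controllers | ForEach-Object { $_.GetType().Name }) -join ','
            AttachedUsbDevs = $attached.Count
            Host            = $esx.Name
            EsxiVersion     = $esx.Config.Product.Version
            EsxiBuild       = $esx.Config.Product.Build
        }
    }
}

$report = Get-UsbControllerInventory | Sort-Object Host, VM
$report | Format-Table -AutoSize
$report | Export-Csv -Path .\usb-controller-inventory.csv -NoTypeInformation
```

Sorting by host groups the affected VMs per ESXi build, which helps decide which hosts to patch first and which VMs need the controller removed in the meantime.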


Hope this was helpful, and good luck patching your systems!

Official VMware communication here

VMSA-2022-0004 Questions and Answers here
