CISA Warns of Critical VMware vCenter RCE Vulnerability Now Exploited in Attacks

CISA has added CVE-2024-37079—a critical out-of-bounds write in VMware vCenter Server's DCERPC implementation that enables unauthenticated remote code execution—to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; Broadcom released patches and organizations are urged to patch immediately, restrict vCenter exposure, monitor DCERPC traffic, and audit logs to prevent broad compromise of virtual infrastructure.