Patch or die: VMware vCenter Server bug fixed in 2024 under attack today

A critical out-of-bounds write vulnerability in VMware vCenter Server's DCERPC implementation (CVE-2024-37079, CVSS 9.8) can enable remote code execution; Broadcom indicates exploitation in the wild and CISA added the flaw to its Known Exploited Vulnerabilities catalog. Broadcom issued a patch in June 2024; organizations are urged to patch affected vCenter Servers and avoid exposing them to the public internet.