VMware fixes bad patch for critical vCenter Server RCE flaw
ID: a950a046-de46-5db3-ac2b-eb1c6971c94f
STIX ID: report--a950a046-de46-5db3-ac2b-eb1c6971c94f
Feed Name: Bleeping Computer
VMware released updated security patches to fully address CVE-2024-38812, a critical (CVSS 9.8) heap overflow in vCenter Server's DCE/RPC implementation that enables unauthenticated remote code execution. The earlier September patches did not fully fix the issue, so Broadcom/VMware issued new updates for supported 7.0 and 8.0 builds. Older end-of-support versions remain vulnerable, and no workarounds exist.
