From time to time, we might release security bulletins related to Google Cloud VMware Engine. All security bulletins for VMware Engine are described here.
Per VMware security advisory VMSA-2021-0002, VMware received reports of multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5). VMware has made updates available to remediate these vulnerabilities in affected VMware products.
We have applied the officially documented workarounds for the vSphere stack per the VMware security advisory. This update addresses security vulnerabilities described in CVE-2021-21972, CVE-2021-21973, and CVE-2021-21974.
VMware Engine impact
Based on our investigations, no customers were found to be impacted.
What should I do?
Because VMware Engine clusters are not affected by this vulnerability, no further action is required.