Rackspace Response to ‘ESXiArgs’ Ransomware Attack

by Marc Nourani, Director, Incident Change Problem Management Operations, Rackspace Technology

Rackspace Technology is aware of an update to the previously published OpenSLP security vulnerability (CVE-2021-21974) impacting VMware ESXi. Our partner VMware published an article available here: https://blogs.vmware.com/security/2023/02/83330.html. When the vulnerability was first announced in February 2021, Rackspace engineers performed the initial assessment and notified affected customers if further action was needed.

Rackspace standard VMware environments are designed with an architecture that prevents public access to VMware vCenters and Hypervisors – this design decreases the risk of exploitation of this vulnerability.

Out of an abundance of caution and in response to this updated CVE article, Rackspace engineers disabled the OpenSLP service advised by VMware to increase the mitigation efforts on our managed VMware environments. 

Additionally, our security teams will continue to actively monitor the situation and, to date, have not identified any associated impacted systems. 

If you have any questions, please contact a member of your support team via https://www.rackspace.com/login.

Contact us for assistance or questions