Weekly highlight:
Log4j vulnerability CVE-2021-44228 – VMware Digital Workspace Products
- CVE-2021-44228 has been determined to impact Workspace ONE Access Connector, VMware Identity Manager Connector, Horizon and partially UAG via the Apache Log4j open source component it ships.
- This vulnerability and its impact on VMware products are documented in the VMware Security Advisory (VMSA) linked at the end of this section. Please review the KBs below before continuing.
- Impacted EUC Products:
- Access Connector: https://kb.vmware.com/s/article/87091
- Access on-prem: https://kb.vmware.com/s/article/87090
- Horizon Workaround: https://kb.vmware.com/s/article/87073
- Fix: https://customerconnect.vmware.com/downloads/details?downloadGroup=HZ-2111-SUB&productId=716&rPId=79128
- UAG Workaround https://kb.vmware.com/s/article/87092
- Fix: https://customerconnect.vmware.com/downloads/info/slug/desktop_end_user_computing/vmware_unified_access_gateway/21_11
- List of NOT impacted products: https://kb.vmware.com/s/article/87068
- Find the official VMSA Security response here: https://www.vmware.com/security/advisories/VMSA-2021-0028.html
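Before applying the workarounds above it helps to know where log4j-core actually sits on a host, which version it is, and whether the JndiLookup class (the component the Apache workaround for older builds removes) is still inside the jar. The scanner below is an added example written for this newsletter, not code from VMware, Apache or any of the linked KBs. The sample jars it scans are constructed in a temporary directory; the "patched" thresholds (2.15.0 and up, 2.12.2 for the Java 7 line) follow Apache's guidance for CVE-2021-44228, and whether a given VMware build is fixed is defined by VMSA-2021-0028 and the KBs, not by this script.

```python
"""Inventory log4j-core jars under a directory tree and flag ones still
exposed to CVE-2021-44228 (added example; sample jars are constructed)."""
import os
import re
import tempfile
import zipfile
from pathlib import Path

# Class whose presence enables JNDI lookups in message patterns; Apache's
# workaround for older builds is to delete it from log4j-core.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped inside log4j-core jars; read when the file name has no version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NAME_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)\.(\d+).*\.jar$")


def jar_version(zf, file_name):
    """Version tuple from the jar name, else from pom.properties, else None."""
    m = NAME_RE.match(file_name)
    if m:
        return tuple(int(x) for x in m.groups())
    if POM_PROPS in zf.namelist():
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                parts = line.split("=", 1)[1].strip().split(".")[:3]
                if len(parts) == 3 and all(p.isdigit() for p in parts):
                    return tuple(int(p) for p in parts)
    return None


def classify(version, has_jndi_lookup):
    """'patched' per Apache's fixed releases for CVE-2021-44228 (2.15.0+, and 2.12.2
    for the Java 7 line), 'mitigated' if JndiLookup.class was removed, else 'exposed'."""
    if version is not None and (
        version >= (2, 15, 0) or (version[:2] == (2, 12) and version >= (2, 12, 2))
    ):
        return "patched"
    if not has_jndi_lookup:
        return "mitigated"
    return "exposed"


def inspect_jar(path):
    """Open one jar (a zip) and report its version and JndiLookup status."""
    with zipfile.ZipFile(path) as zf:
        version = jar_version(zf, Path(path).name)
        has_jndi = JNDI_LOOKUP in zf.namelist()
    return {"path": str(path), "version": version,
            "jndi_lookup": has_jndi, "status": classify(version, has_jndi)}


def scan(root):
    """Walk root and inspect every log4j-core*.jar found, sorted by path."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.startswith("log4j-core") and f.endswith(".jar"):
                results.append(inspect_jar(Path(dirpath) / f))
    return sorted(results, key=lambda r: r["path"])


def make_jar(path, version, include_jndi_lookup):
    """Write a constructed stand-in jar with only the entries the scanner reads."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        zf.writestr("org/apache/logging/log4j/core/Core.class", b"\xca\xfe\xba\xbe")
        if include_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")


def build_sample_tree(root):
    """Constructed layout: one exposed jar, one with the class removed, one renamed
    jar whose version is only in pom.properties, and one Java 7 backport."""
    root = Path(root)
    make_jar(root / "app1" / "lib" / "log4j-core-2.14.1.jar", "2.14.1", True)
    make_jar(root / "app2" / "lib" / "log4j-core-2.14.1.jar", "2.14.1", False)
    make_jar(root / "app3" / "lib" / "log4j-core.jar", "2.16.0", True)
    make_jar(root / "app4" / "lib" / "log4j-core-2.12.2.jar", "2.12.2", True)
    return root


def demo():
    """Scan the constructed tree; returns (app, version, status) per jar found."""
    with tempfile.TemporaryDirectory() as tmp:
        results = scan(build_sample_tree(tmp))
    return [(Path(r["path"]).parts[-3], r["version"], r["status"]) for r in results]


if __name__ == "__main__":
    for app, version, status in demo():
        print(f"{app}: log4j-core {version} -> {status}")
```

Point `scan()` at a product's install root to get the same report for real jars. Note that "mitigated" only means the class is gone from that jar; nested jars inside .war/.ear archives and log4j copies bundled by other software are not unpacked here, so treat the output as an inventory aid rather than proof of coverage.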
Software Releases Week 50 - Release Notes
VMware VMSA-2021-0029 - Impacting Workspace ONE UEM, console patches address SSRF vulnerability
A Server Side Request Forgery (SSRF) vulnerability in VMware Workspace ONE UEM console was privately reported to VMware. Patches and workarounds are available to address this vulnerability in affected VMware products. The issue has been mitigated for VMware-hosted Workspace ONE consoles.
VMware Workspace ONE UEM console contains a Server Side Request Forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.
A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information.
Patches and workarounds are listed and explained in the KB.
VMSA: https://www.vmware.com/security/advisories/VMSA-2021-0029.html
KB-Reference: https://kb.vmware.com/s/article/87167
Antivirus Best Practices for Workspace ONE Intelligent Hub for Windows (87149)
Enterprises often leverage 3rd party security or antivirus software for endpoint security and threat remediation. There are scenarios where Workspace ONE Intelligent Hub components or services are impacted by false-positive detections.
This article provides the list of directories and sub-directories that need to be excluded in the antivirus or security software endpoint settings for the Workspace ONE Intelligent Hub for Windows to function properly.
The KB contains the compiled list of items (directories, sub-directories and executables) that need to be excluded. Scope the exclusions to exactly the listed items; excluding whole drives or generic parent folders would create a blind spot that any malware written there could use.
KB-Reference: https://kb.vmware.com/s/article/87149?lang=en_US
Change for "Tags" API resource during migration to Workspace ONE UEM release 2105 and above (87116)
Before the Workspace ONE UEM 2105 release, the "Tags" permission was not needed to call the Tags API because the authorization attribute was missing from those API endpoints. With the 2105 release, the appropriate permission check was added to the Tags API.
Customers who migrate to Workspace ONE UEM release 2105 and above will have to explicitly enable the resources listed in the KB for the admin accounts (or admin roles) that call the Tags API. Grant them only to the accounts that actually use the API rather than to broad administrative roles.
More info in KB: https://kb.vmware.com/s/article/87116?lang=en_US
Removal of search text option for “category” field on Device event page (87115)
The search text option for the Category field on both the Console Events and Device Events pages within the Workspace ONE UEM Console will be removed in early 2022 Console releases.
When navigating to Monitor > Events > Console Events / Device Events pages within the Workspace ONE UEM Console, a grid is available that offers a free-text search.
However, within the Category field, text containing a space cannot be searched. This is because the search is matched against locale-specific display text, so the localized Category value cannot be found by the entered text.
There are additional filters available on the grid which can be used on both the Device Events and the Console Events pages instead.
KB-Reference: https://kb.vmware.com/s/article/87115?lang=en_US
Deprecate 'Sorting' from few columns on Device List view page in Workspace ONE UEM console in early 2022 (86044)
With the modernization effort and redundant cleanup activity in progress, the decision has been made to deprecate the 'Sorting' functionality from the below columns on the Device List View page within the Workspace ONE UEM Console. This will be accomplished in early 2022.
Build Version
Public IP address
Wi-Fi SSID
WNS Status
DM Last seen
Device Group
Alternatives to sorting by these columns
1. Filters have been implemented to narrow down the devices.
2. 'Tags' are a powerful alternative to device groups. The Device List supports filtering devices by tags, which can be used to narrow down to a specific set of devices. Tags are also supported in smart group criteria.
3. Sort by build version
Consider two devices D1 (OS version: 1.0.0.1) and D2 (OS version: 2.0.0.0). The build version is the fourth part of the OS version. Sorting by build version alone compares 1 (D1) against 0 (D2) and ranks D1 as the higher build, even though D2 runs the newer OS version.
In short, build version alone does not give the complete picture and should not be used to sort. The OS version filter can be used to narrow down on the required devices.
4. These columns are rarely used for sorting in production.
KB-Reference: https://kb.vmware.com/s/article/86044?lang=en_US
Introducing VMware Workspace ONE Intelligence version 21.12.07 (87061)
The VMware Workspace ONE team is excited to announce a new update to Workspace ONE Intelligence on December 7th, 2021. The release is publicly available.
We've updated the integration of Carbon Black with the Trust Network feature.
The integration now provides faster delivery of Carbon Black threat and risk information to Workspace ONE Intelligence. It also includes a new field entitled Threat Event Status that you can use in your Intelligence queries. This field identifies when Carbon Black changes and updates its alerts.
To take advantage of these new capabilities, navigate to the Integrations Dashboard and update the API keys for the Carbon Black integration. For more information regarding this enhancement, access the article Workspace ONE Intelligence Integration Update.
In the CVE solution, we've added support for iOS.
Users can now group data by different time ranges (daily, weekly, 28 days) in widgets.
This enhancement enables use cases where the user wants to see data points by larger timeframes such as total bytes received by week or month.
Product team's response to Aha! feature requests (87055)
Since our launch of the Aha! feature request portal, we’ve been amazed at the engagement from our customers and partners to put forth new ideas and suggestions. As a product team, it’s been great to hear and engage directly with customers to build the future of Workspace ONE.
We get a lot of questions on which ideas are being looked at by the VMware product team, so we’d like to announce a formal commitment on ideas that will get a response:
The VMware product team will provide a response on the top 10 most voted ideas in each top-level category on the Aha! portal.
The top ideas for a top-level category can be viewed by using the ‘Popular’ tab in the Aha! Portal and filtering by category.
Enhanced Carbon Black Integration Update (86394)
Behind-the-scenes changes in the way data is shared between Carbon Black Cloud and Workspace ONE Intelligence are being released this week.
Please follow the instructions in Workspace ONE Intelligence > Integrations card > UPDATE CONNECTION to configure this integration with updated API keys. (For more technical information and configuration instructions, see Workspace ONE Intelligence Integration Update: https://developer.carbonblack.com/2021/09/workspace-one-intelligence-integration-update/)
The mechanism used to send data from Carbon Black Cloud is being updated to a newer method that will provide faster delivery of Carbon Black threat and risk information, as well as the addition of Alert Change details.
The addition of Alert Change details may result in an increased volume of data coming to your Workspace ONE Intelligence environment, though there are no charges for this. You will also see an additional field called “Threat Event Status”.
To take advantage of these new features follow the provided instructions included in this article: https://kb.vmware.com/s/article/86394?lang=en_US
VMware Techzone, YouTube and Blog Updates
Horizon on Google Cloud VMware Engine Architecture
https://techzone.vmware.com/resource/horizon-on-google-cloud-vmware-engine-architecture
Horizon on Google Cloud VMware Engine Configuration
https://techzone.vmware.com/resource/horizon-on-google-cloud-vmware-engine-configuration
Techzone Podcast: Horizon Q4 Releases and interview with Jeff Ulatowski
https://techzone.vmware.com/?share=podcast4325&title=horizon-q4-releases-and-interview-with-jeff-ulatoski
Day-One Horizon Monitoring with ControlUp Scoutbees
https://blogs.vmware.com/euc/2021/12/day-one-horizon-monitoring-with-controlup-scoutbees.html
Horizon Architecture
https://techzone.vmware.com/resource/horizon-architecture
Horizon Configuration
https://techzone.vmware.com/resource/horizon-configuration
VMware Blast Extreme Optimization Guide
https://techzone.vmware.com/resource/vmware-blast-extreme-optimization-guide
Blog, 3rd Party and Partner Updates
Patrick Zoeller: VMware SASE with Workspace ONE Web App
https://digitalworkspace.one/2021/12/02/vmware-sase-with-workspace-one-web-app/
Mobile-Jon: What the vExpert Program Means to Mobile Jon
https://mobile-jon.com/2021/12/13/what-the-vexpert-program-means-to-mobile-jon/
Software Releases December 2021
Patch & Seed Script Updates Week 50
OS Seed Script Update
Most recent updates: iOS 15.2.0, macOS Monterey 12.1.0
https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en
Last Update: CW50
Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console
Agnostic script to update seed data to allow Android 12 enrollments into the Console.
https://resources.workspaceone.com/view/rvfdv9s6mhsh4xgdxf7f/en
Last Update: CW44
Workspace ONE UEM 20.05
Patch Level: 20.5.0.52
AAPP-12517 - Generate unique PayloadIdentifier in configuration profile on push
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2005/rn/VMware-Workspace-ONE-UEM-Release-Notes-2005.html#-20-5-0-52--patch-resolved-issues-resolved
Last Update: CW35
Workspace ONE UEM 20.08
Patch Level: 20.8.0.36
Security Updates.
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2008/rn/VMware-Workspace-ONE-UEM-Release-Notes-2008.html#-20-8-0-34-patch-resolved-issues-resolved
Last Update: CW50
Workspace ONE UEM 20.11
Patch Level: 20.11.0.40
Security Updates.
Last Update: CW50
Workspace ONE UEM 21.02
Patch Level: 21.2.0.27
Security Updates.
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/rn/Workspace-ONE-UEM-2102-Release-Notes.html#-21-2-0-26-patch-resolved-issues-resolved
Last Update: CW50
Workspace ONE UEM 21.05
Patch Level: 21.5.0.35, latest level .37
MACOS-2712: iOS profile with Allow Removal With Authentication failing to install on supervised device.
PPAT-10193: Mac Tunnel profile is not installing and the profile XML view is crashing when DTRs are configured.
PPAT-10227: macOS Tunnel VPN profile fails to install.
Security Updates.
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-35-patch-resolved-issues-resolved
Last Update: CW50
Workspace ONE UEM 21.09
Patch Level: 21.9.0.6
AMST-34558: DS cluster under stress due to ApproveUpdate Windows commands.
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#-21-9-0-6-patch-resolved-issues-resolved
Last Update: CW45