{"id":142985,"date":"2023-03-02T06:57:19","date_gmt":"2023-03-02T06:57:19","guid":{"rendered":"https:\/\/ded9.com\/?p=142985"},"modified":"2025-10-23T08:25:39","modified_gmt":"2025-10-23T08:25:39","slug":"esxiargs-ransomware-security-bug-and-solutions-to-fix-it","status":"publish","type":"post","link":"https:\/\/ded9.com\/de\/esxiargs-ransomware-security-bug-and-solutions-to-fix-it\/","title":{"rendered":"ESXiArgs Ransomware Vulnerability: What It Is & How to Fix It"},"content":{"rendered":"

According to the observations and the obtained news, many servers with ESXi<\/a> virtualizer are now at risk of ESXiArgs ransomware.<\/p>\n

This risk exists in all versions 5 and 6. The reason for this security bug is a service called OpenSSL<\/a>. In the first step, please close the unnecessary ports as soon as possible, limit the main ports to one IP, change all your server’s access information, and back up all the VMs.<\/p>\n

The definitive solution to this problem is to install ESXiArgs virtualizer security patches.<\/p>\n

To install the ESXI security patch, proceed as follows.<\/h2>\n

1- Checking the serve@r version to download the required version:<\/h3>\n
    \n
  • VMware -v<\/li>\n<\/ul>\n

    2 – Temporary SSH activation:<\/h3>\n
      \n
    • host > configuration > security profile > services > properties > SSH<\/li>\n
    • Or, in the new version, enable TSM-SSH in ADS (instead of IP, enter the IP of the server):<\/li>\n
    • https:\/\/YOUR-IP\/ui\/#\/host\/manage\/services<\/li>\n<\/ul>\n

      3- Log in to SSH and enter the following commands:<\/h3>\n
        \n
      • Cd\/vmfs\/volumes\/datastore1\/<\/li>\n<\/ul>\n

        4- According to the installed version, download one of the links:<\/h3>\n
          \n
        • wget https:\/\/dl.ded9.com\/ISO\/ESXi\/Patch\/ESXi670-202210001.zip<\/li>\n
        • wget https:\/\/dl.ded9.com\/ISO\/ESXi\/Patch\/ESXi650-202210001.zip<\/li>\n
        • wget https:\/\/dl.ded9.com\/ISO\/ESXi\/Patch\/ESXi600-202002001.zip<\/li>\n<\/ul>\n

          \"According<\/p>\n

          5- Then install the same downloaded version with the following command:<\/h3>\n
            \n
          • esxcli software vib update -d \/vmfs\/volumes\/datastore1\/ESXi670-202210001.zip<\/li>\n
          • esxcli software vib update -d \/vmfs\/volumes\/datastore1\/ESXi650-202210001.zip<\/li>\n
          • esxcli software vib update -d\/vmfs\/volumes\/datastore1\/ESXi600-202002001.zip<\/li>\n<\/ul>\n

            \"Then<\/p>\n

            6- If a successful message is seen in the update, we will reboot the server.<\/p>\n

            \"If<\/p>\n

            7- After the server is up, you may not have access to SSH. To check the installed version through the web panel, you can check the installed version or activate SSH again according to step 2, and enter the command to check the version entered in step 1. We have to type again to know the correctness of the update.<\/p>\n

            FAQ<\/h2>\n
            \n
            \n
            \n

            Which ESXi versions are vulnerable to ESXiArgs?<\/h3>\n
            \n\n

            All major ESXi 5.x and 6.x versions are at risk due to the targeted OpenSSL component.<\/p>\n\n<\/div>\n<\/div>\n

            \n

            What\u2019s the first step you should take if your ESXi server is at risk?<\/h3>\n
            \n\n

            Immediately close unnecessary ports, restrict access to critical ports by IP, change all server credentials, and back up all virtual machines.<\/p>\n\n<\/div>\n<\/div>\n

            \n

            How do you apply the security patch to fix ESXiArgs?<\/h3>\n
            \n\n

            Check your ESXi version with vmware -v. Enable SSH temporarily and log in. Download the correct patch ZIP file for your version. Use esxcli software vib update -d .zip to install it. Reboot the server and recheck the version to confirm the update.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

            According to the observations and the obtained news, many servers with ESXi virtualizer are now at risk of ESXiArgs ransomware. This risk exists in all versions 5 and 6. The reason for this security bug is a service called OpenSSL. In the first step, please close the unnecessary ports as soon as possible, limit the […]<\/p>\n","protected":false},"author":9,"featured_media":239222,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[86],"tags":[1245],"class_list":["post-142985","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-ssh"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/posts\/142985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/comments?post=142985"}],"version-history":[{"count":4,"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/posts\/142985\/revisions"}],"predecessor-version":[{"id":253609,"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/posts\/142985\/revisions\/253609"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/media\/239222"}],"wp:attachment":[{"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/media?parent=142985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/categories?post=142985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ded9.com\/de\/wp-json\/wp\/v2\/tags?post=142985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}