VMware Horizon Log4Shell RCE
Description
VMware Horizon is affected by the Log4Shell vulnerability (CVE-2021-44228), a critical remote code execution flaw in the Apache Log4j logging library. This vulnerability allows attackers to execute arbitrary code by sending specially crafted strings that are processed by vulnerable Log4j versions. Because VMware Horizon uses affected versions of Log4j, unpatched installations can be exploited without authentication.
Remediation
Apply the security patches provided by VMware immediately by following these steps:
1. Review the VMware Security Advisory VMSA-2021-0028 to identify the specific patch or updated version applicable to your VMware Horizon deployment
2. Download the appropriate patch from the official VMware support portal
3. Schedule a maintenance window and create a backup of your current VMware Horizon configuration
4. Apply the security update following VMware's installation instructions for your specific version
5. Restart affected services as directed in the patch documentation
6. Verify the patch installation by checking that the Log4j library version is 2.17.1 or later
7. Monitor system logs for any signs of exploitation attempts or unusual activity
As a temporary mitigation if immediate patching is not possible, consider implementing network-level controls to restrict access to VMware Horizon services and enable additional logging to detect exploitation attempts.