Easily addressing New MITRE ATT&CK® Updates for VMware ESXi

Gabe Dimeglio
CISO, SVP & GM Rimini Protect™ and Rimini Watch™

Security teams are understandably concerned about the safety of their virtualized environments with the recent swell of attacks utilizing vulnerabilities in VMware.[1] These constant threats have prompted global alerts concerning gaps in hypervisor security. In response, the MITRE Corporation recently updated its MITRE ATT&CK® framework to include specific guidelines for VMware ESXi that VMware licensees are encouraged to follow to improve their security postures and help with compliance.

The connection between MITRE and compliance

Developed by the MITRE Corporation to help solve cybersecurity-related issues for a safer world, MITRE ATT&CK is a widely known, globally accessible knowledge base of tactics and techniques that attackers can use to exploit security vulnerabilities.[2] Ensuring that organizations are defending against these attack techniques enables active threat-hunting and can also streamline incident response by identifying which attack techniques were employed in the event of an attack.[3]

Although the ATT&CK framework isn’t a compliance standard, it can be used as a structured approach to implementing security controls.[4] In addition to enhancing an organization’s security posture, it aligns with various compliance standards, including NIST and ISO 27001.[5] This helps demonstrate robust security controls to stakeholders and auditors, simplifies audits, and improves regulatory adherence.

Noteworthy updates to MITRE requirements for VMware

In a ground-breaking update, MITRE recently added an ESXi platform to their ATT&CK v17 framework, highlighting the increase in attacks targeting virtualization infrastructure.[6] Specifically, MITRE introduced Tactics, Techniques and Procedures (TTPs) to help combat ESXi threats from ransomware groups targeting the hypervisor layer in virtualized environments.

In addition to adapting 34 existing techniques to the ESXi environment, MITRE added four new techniques:

  • ESXi Administration Control
  • Command Scripting Interpreter: Hypervisor CLI
  • Server Software Component: vSphere Installation Bundles
  • Virtual Machine Discovery

Although implementing the MITRE ATT&CK updates for VMware ESXi into your security strategy is strongly recommended, doing so on your own can be challenging. That’s why it’s worth leveraging Rimini Street’s existing solution for hypervisor security.

A simple solution for hypervisor protection

Rimini Protect™ Advanced Hypervisor Security (AHS) powered by Vali Cyber® addresses all of the adapted and new MITRE ATT&CK TTPs with the default installation configuration, strengthening your security posture and facilitating compliance.[7]

Rimini Protect AHS is the industry’s first purpose-built hypervisor security specifically designed to defend against ransomware and other common malware-based attacks targeting Linux-based hypervisors, including VMware ESXi. Our proactive protection helps you stay one step ahead of VMware vulnerabilities by providing protection for vulnerabilities before they become known or are exploited.

Through this solution, we provide effective protection against:

  • Exploits
  • Ransomware
  • Stolen credentials

Automated remediation also ensures that when an attack is detected, affected files are immediately restored with no downtime, offering clients greater peace of mind.

Rimini Protect AHS licenses are included with standard Rimini Support™ for VMware, backed by a team of more than 75 full-time security professionals. Also included are security advisory services and threat intelligence reports with available mitigation options for known and zero-day vulnerabilities.

Learn more about the Rimini Protect AHS solution and how it serves as a simple, effective way to help ensure hypervisor security while satisfying the MITRE ATT&CK updates in our upcoming VMware User Group (VMUG) webinar on May 29. Non-VMUG members can contact us for more in-depth information.

Content contributed by Kevin Eyre, Sr. Director Product Marketing, Rimini Street

[1] Cyber Security News: VMware Vulnerabilities Exploited Actively to Bypass Security Controls & Deploy Ransomware

[2] MITRE ATT&CK®

[3] CyberProof: How MITRE ATT&CK Helps In Improving Your Cyber Defense

[4] Fidelis Security: MITRE ATT&CK Use Cases: Essential Security Tactics for 2025 Threats

[5] CyberProof: How MITRE ATT&CK Helps In Improving Your Cyber Defense

[6] MITRE: ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures

[7] Vali Cyber: MITRE ATT&CK v17 ESXi Matrix: ZeroLock Quick Map

Gabe Dimeglio is a 20-year veteran of information technology and security for private and public sector organizations. He is a results-driven leader, specializing in security services and solutions for mission critical, complex enterprise platforms. His expertise includes strategic consulting services, risk analyses/risk mitigation, and compliance.

Mr. Dimeglio serves as Vice President & Executive Advisor, Security, Office of the CTO at Rimini Street. He is responsible for oversight of the GSS organization that provides tailored consulting and advisory security services to prospects and clients, in collaboration with Rimini Street sales, client engagement, and retention functions.
