No One Has Time for Complicated VMware Security Updates!

Gabe Dimeglio
CISO, SVP & GM Rimini Protect™ and Rimini Watch™

For VMware perpetual licensees without Broadcom support, installing security patches has become more challenging.  

Last year, Broadcom assured vSphere customers that security patches for all supported versions would be made available to all customers — even those with expired support contracts.[1] However, on April 8, 2025, the company announced that updates for VMware vSphere ESXi would no longer be downloadable from their public repositories for internet-facing VMware.[2] Instead, VMware security advisories for vSphere now redirect users to a Broadcom support portal page[3], where the download process has become more involved. Specifically, users must obtain tokens[4] linked to corresponding entitlements in the support portal[5] — a convoluted process for what should be a routine security update. 

It’s no surprise that a Broadcom support discussion thread has revealed confusion among VMware customers, with many trying to navigate issues related to these tokens and entitlements just to find patches for their software versions.[6] 

For non-Broadcom-supported perpetual licensees struggling to maintain VMware security, there’s good news. Though the delivery of Broadcom-provided VMware security patches and updates is becoming increasingly complicated, the delivery of Rimini Street’s hypervisor security solution is simple and direct. 

VMware security made easy

Rimini Street offers a hassle-free solution for clients running VMware regardless of their patching strategy. By subscribing to our standard Rimini Support™ for VMware, licensees can access Rimini Protect™ Advanced Hypervisor Security (AHS), powered by Vali Cyber®.

As part of the software delivery process, clients receive a welcome email once the purchase is complete. The welcome letter contains the download links for the individuals authorized to download the software and documentation — a straightforward process. 

To summarize: 

1. Subscribe to our standard offering for Rimini Support™ for VMware
2. Open welcome email
3. Click on the download links

It truly is that simple.   

An effective approach to hypervisor protection

Rimini Protect™ AHS is the industry’s first purpose-built hypervisor security solution. It’s specifically designed to defend against ransomware and other common malware-based attacks targeting Linux-based hypervisors, including VMware ESXi.  

Benefits include:  

  • Exploit protection 
  • Ransomware protection 
  • Real-time file remediation/recovery 

Additionally, it helps safeguard your hypervisor without downtime or business disruption, enabling you to focus on strategic business initiatives with greater peace of mind. 

Rimini Street also offers installation and configuration services following the industry’s best practices and methodologies backed by a team of more than 75 full-time security professionals. Security managed services are available as needed by clients. 

Learn more about the Rimini Protect AHS solution and how it serves as a reliable and effective option to help ensure VMware security.

Content contributed by Kevin Eyre, Sr. Director Product Marketing, Rimini Street 

[1] Broadcom: Zero Day (i.e., Critical) Security Patches for vSphere (7.x and 8.x) Perpetual License Customers with Expired Support Contracts
[2] Broadcom: VCF authenticated downloads configuration update instructions
[3] Broadcom: Security Advisories – VMware Cloud Foundation
[4] Virtual Ramblings: Updating ESXi using ESXCLI + Broadcom Tokens
[5] Broadcom: VCF authenticated downloads configuration update instructions
[6] Broadcom Community: VMware vSphere

Gabe Dimeglio

CISO, SVP & GM Rimini Protect™ and Rimini Watch™

Gabe Dimeglio is a 20-year veteran of information technology and security for private and public sector organizations. He is a results-driven leader, specializing in security services and solutions for mission critical, complex enterprise platforms. His expertise includes strategic consulting services, risk analyses/risk mitigation, and compliance.

Mr. Dimeglio serves as Vice President & Executive Advisor, Security, Office of the CTO at Rimini Street. He is responsible for oversight of the GSS organization that provides tailored consulting and advisory security services to prospects and clients, in collaboration with Rimini Street sales, client engagement, and retention functions.
