Once more it seems, VMware ESX source code has been leaked and posted online for would be hackers looking to cause chaos. A Netherlands-based hacker known as Stun claimed to be affiliated with Anonymous and tweeted a link to a torrent site hosting the stolen VMkernel source code. Tweeting: "WILD LEAKY LEAK. FULL VMware ESX Server Kernel LEAKED"
VMware director of platform security Iain Mulholland acknowledged the breach on Sunday and confirmed that this is the source code for its ESX hypervisor platform. But said the code is dated back to an earlier release of the product, going back to 1998-2004.
But in response to that, Stun wrote: "VMware will try to make like this Kernel is old and isn’t used in its
recent products. But thank god, there is still such a thing as reverse
engineering that will prove its true destiny." He added, "Little sidenote about this
release, it is the VMKernel from between 1998 and 2004, but as we all
know, kernels don’t change that much in programs, they get extended or
adapted but some core functionality still stays the same."
Mulholland warned that more related files could be posted in the future. That’s a similar warning he gave back in April and May when the first batches of ESX source code were leaked online.
"As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment," he said. Customers can find the security patch information in VMware’s Knowledge Base resource.
He also recommended customers review VMware's security hardening guides
VMware’s Security Response Center is currently investigating the posting of the full source code on Twitter.