WASHINGTON (Reuters) -The U.S. cybersecurity watchdog agency on Wednesday ordered federal officials to update or remove a slew of products made by digital services company VMWare Inc, saying hackers were actively using vulnerable versions of the products to break into targeted organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that hackers had managed to reverse engineer recent updates made to VMWare products and were using the knowledge to target old versions and hack into unpatched devices.
The affected products include VMware Workspace ONE Access, which is meant to provide one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.
CISA said that any unpatched VMWare devices still accessible from the internet should be assumed to be compromised.
VMWare, which spun off from Dell Technologies Inc last year, told its customers in a blog post that, "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments."
CISA Director Jen Easterly said in a statement that the vulnerabilities in old versions of the VMWare products posed "an unacceptable risk to federal network security."
"We also strongly urge every organization – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks," she said.
(Reporting by Raphael Satter; Editing by Jonathan Oatis and Richard Pullin)