Users of vCenter and ESXi should update their installations now to avoid the chance of remote code execution occurring on their host machines.
An insecure configuration of Java Management Extensions (JMX) within VMware’s vCenter has been pinned as the cause of an exploit that would allow code execution on host machines. One of the discoverers of the security hole, 7 Elements’ Doug Mcleod, said the vulnerability allowed for system level access to virtual machine host servers, and resulted in a full compromise of the environment.
Read more at ZDNet News