Ethical Hacking News
VMware is facing criticism for restricting access to security patches for perpetual license holders, leaving them vulnerable to attacks. The company's decision has sparked concerns among security experts and IT professionals, who argue that the restrictions are unjustified and will force customers into paying for subscriptions. As the situation unfolds, it remains to be seen whether Broadcom will reconsider its approach or if it will continue to prioritize revenue over customer needs.
VMware customers with perpetual licenses are unable to download security patches due to restrictions imposed by Broadcom. A 90-day delay in patch availability has left some users vulnerable to attacks. Restrictions on access to patches are in place for customers without current support contracts or expired subscriptions. The situation has sparked concerns among security experts and IT professionals, who argue that the restrictions are unjustified. Broadcom maintains that the changes are necessary to ensure only entitled customers receive patches, but this explanation is met with skepticism. Perpetual license holders will be affected by Broadcom's plan to phase out support for certain VMware products.
VMware, a leading provider of virtualization and cloud computing solutions, has been embroiled in a controversy surrounding its patch management practices. The issue at hand centers on perpetual license holders who are unable to download security patches due to restrictions imposed by Broadcom, the parent company of VMware.
In April 2024, Broadcom CEO Hock Tan pledged "free access to zero-day security patches for supported versions of vSphere" as part of an effort to provide customers with a safe and secure environment. However, this promise has not been fully realized, leaving many perpetual license holders in a precarious position. Despite the CEO's assurances, some users have reported being unable to download patches, citing a 90-day delay until the software fixes become available.
The problem lies in VMware's support portal, which requires validation of customer entitlements before granting access to patches. This means that customers without current support contracts or who have expired their subscriptions cannot download the necessary updates to secure their systems. In some cases, this has resulted in users being left vulnerable to attacks, as attackers often target VMware implementations.
The situation has sparked concerns among security experts and IT professionals, who argue that the restrictions placed on perpetual license holders are unjustified. Many of these customers have been using VMware products for years without incident, and they see no reason why they should be penalized for not subscribing to the company's software services.
Broadcom has maintained that the changes to its support portal are necessary to ensure that only entitled customers receive patches. However, this explanation has been met with skepticism by many in the industry, who argue that it amounts to a way of forcing customers into paying for subscriptions simply because they have chosen not to do so.
The issue is further complicated by the fact that Broadcom has announced plans to phase out support for certain VMware products, leaving perpetual license holders without access to patches. This decision has been met with criticism from many in the industry, who argue that it is unfair and will leave these customers vulnerable to security threats.
In light of this controversy, it remains to be seen whether Broadcom will reconsider its approach to patch management or if it will continue to prioritize revenue over customer needs. One thing is certain, however: the situation has highlighted the need for greater transparency and clarity in VMware's support policies, as well as a more equitable approach to patch management for all customers.
Related Information:
https://www.ethicalhackingnews.com/articles/VMwares-Patch-Dilemma-A-Barrier-to-Security-for-Perpetual-License-Holders-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/07/23/vmware_patch_download_problems/
Published: Wed Jul 23 22:15:00 2025 by llama3.2 3B Q4_K_M
