- Out of 79,000 ESXi servers installed across over 6,000 organizations, 36.49% are ESXi 6.7 and 21.30% are ESXi 6.5, both of which have reached end-of-life.
- Only 26.4% of ESXi installations detected by Lansweeper are version 7.0 or newer, which are supported as of 15 October.
- 15.8% of installations are running even older versions, from 3.5.0 to 5.5.0, which reached end-of-life even before 2022.
Lansweeper, a developer of asset management and discovery software, stated that more than 45,000 VMware ESXi servers inventoried by the company have reached end-of-life, which means those servers won’t get any security updates unless an extended support contract is purchased. These are only the servers reported by Lansweeper customers, so the actual number is much greater.
Only 26.4% are supported
Lansweeper gathered data from approximately 6,000 customers and detected around 79,000 VMware ESXi servers. Of those 79,000 servers, 36.5% (28,835) are running version 6.7.0 and 21.3% (16,830) are running 6.5.0. Both versions reached end-of-life on October 15, 2022, which means there are 45,654 ESXi servers that aren’t getting security updates, putting those systems at risk.
Moreover, 15.8% of installations are running even older versions, from 3.5.0 to 5.5.0, which reached end-of-life even before 2022. ESXi servers are among the primary targets of threat actors, who are constantly scanning for vulnerable servers to attack. The servers that reached end-of-life will be the hackers’ main target since the vulnerabilities in those versions won’t be patched and the servers will be completely defenseless against exploitation attempts.
To protect their servers against such attacks, admins should update their ESXi installations to a supported version, 7.0 or newer. Alternatively, users can purchase 2 years of extended support for ESXi 6.5 and 6.7, which provides support until October 15, 2024. However, extended support doesn’t include updates for third-party software packages, and the server will also lack architectural improvements, performance improvements, and feature additions. Security patches are limited to one roll-up per year. Lansweeper said,
« Keeping an accurate inventory of your virtual machines can be challenging. Luckily Lansweeper automatically scans detailed information from all of your servers, hosts, and virtual machines, including ESXi. Our team has created an ESXi End of Life Audit Report that gives you an overview of all ESXi installations in your environment, whether they are still supported, and for how much longer. That way you can not only quickly spot which installations have gone past their EOL date but also plan ahead for upcoming End of Life dates. If you are using Lansweeper’s cloud version, the Lifecycle Management feature can also help you stay on top of end-of-life dates so you can plan ahead. »