VMware Users Face Security Patch Download Issues
▼ Summary
– Some VMware perpetual license holders cannot download security patches, leaving their systems at risk without a clear timeline for resolution.
– Broadcom’s shift to subscription-based licenses has left some users without support contracts, though they were promised access to critical security patches.
– VMware customer service indicated some users may wait up to 90 days for patches, while Broadcom claims portal limitations are causing delays.
– Broadcom insists it remains committed to providing free critical patches for legacy VMware products but has not specified when affected users will receive them.
– The delay coincides with a legal challenge from CISPE, which is appealing the European Commission’s approval of Broadcom’s VMware acquisition.
VMware users relying on perpetual licenses are encountering unexpected hurdles when attempting to download critical security patches, leaving their systems vulnerable to potential threats. Reports indicate that Broadcom, which acquired VMware last year, has temporarily restricted access to these updates for certain customers, citing technical limitations with its support portal.
The issue primarily affects organizations that chose not to transition to Broadcom’s subscription-based licensing model after the acquisition. While these users were promised continued access to zero-day security fixes, many have found themselves unable to retrieve the latest patches. Some have been informed by customer support that the delay could extend up to 90 days, a concerning timeline given the severity of recently disclosed vulnerabilities.
On July 15, VMware issued a security advisory detailing three critical flaws impacting eight of its products. Despite assurances from Broadcom that legacy users would still receive patches, the company has yet to clarify when these updates will be made available. A spokesperson stated that while critical security patches remain accessible for unsupported perpetual license holders, the current portal restrictions mean only customers with active entitlements can download them immediately. Others must wait for an unspecified “separate patch delivery cycle.”
The situation has drawn criticism, particularly as Broadcom has simultaneously intensified pressure on perpetual license users by issuing audit letters, a move perceived as an attempt to push them toward subscription plans. Meanwhile, the controversy coincides with renewed scrutiny of Broadcom’s VMware takeover. The European cloud trade group CISPE has filed a legal challenge against the European Commission’s approval of the acquisition, arguing for its annulment over competition concerns.
For now, affected VMware customers remain in limbo, balancing security risks against the uncertainty of when patches will arrive. With no clear resolution timeline, the delay raises questions about Broadcom’s handling of legacy users and its broader commitment to maintaining VMware’s ecosystem securely.
(Source: Ars Technica)
