A patch issued in October for a remote code execution flaw in VMware vCenter Server was incomplete. The flaw allowed unauthenticated attackers to use it to run code on the server. VCenter Server is used by organizations to manage their virtual server environments. An additional patch is required to fix the flaw, and Windows Firewall mitigates the vulnerability. The original update also patched a remote execution double free vulnerability in the ESXi OpenSLP s SLPDProcessMessage() function, and a denial-of-service flaw.
Source: https://threatpost.com/vmware-reissues-vcenter-server-patch/116244/