Improved GPU performance on Physical Machines running Windows Server 2022 with Horizon Indirect Display Driver based setup. This feature, which already exists for Instant Clone desktop pools, addresses this pain point for administrators. Previously, computer accounts would get created in the default OU and administrators would manually move them after pool creation. When you create an automated pool of full clone desktops, you can now specify an active directory OU in which computer accounts can be created. With the resolution of this bug, Horizon now also supports Mode B provisioning (Instant Clones without Parent VM) for vTPM-enabled desktop pools if all hosts in the cluster are running ESXi 7.0 Update 3f or later with Horizon 8 version 2212 or later. Microsoft MAK licenses are now supported with Instant Clones.įor vTPM-enabled Instant Clone desktop pools, Horizon previously always used Mode A provisioning (Instant Clones with Parent VM) due to a bug in older ESXi versions.
This feature creates an opportunity to reduce the time-consuming management of application installations on RDS Farms, and enables scenarios such as multiple users being able to use different versions of the same application while logged in to the same RDS Server. This also brings the Horizon and App Volumes administration consoles closer together, allowing Horizon administrators to add App Volumes Manager servers and entitle applications to users without the need for duplicate entitlements in App Volumes. This greatly simplifies static image management and gives administrators the ability to reduce their application specific farms. Now applications can be delivered dynamically to a generic Windows OS as users launch them. With this new feature, administrators can use App Volumes applications directly in their instant-clone RDS farms. This process is used to establish persistent communication with a command and control server that could then be used to carry out other malicious activities such as deploying additional malicious software, data exfiltration, or deployment of ransomware.Horizon 8 version 2212 in conjunction with App Volumes 4 version 2212 introduces Horizon Published Apps on Demand. The commands are stored as a header object (named 'data') in the crafted requests. Once established, the listener will execute arbitrary commands received in crafted web (HTTP / HTTPS) requests if a particular hardcoded string (key) is present in the URI of the request. The 'VMBLastSG' service is then forcibly restarted to initiate the listener. The altered 'absg-worker.js' file then contains:
Retrieves the list of service path names stored in $path and for each replaces any instances of "()\ " with the code block stored in $expr described above, thereby injecting the web shell. The attack is very likely initiated via a Log4Shell payload similar to $|Set-Content $path Restart-Service -Force VMBlastSG"
0 kommentar(er)
