Date bug kills VMware systems

Virtual machines shot down on inglorious 12th


Irate VMware customers were left unable to power up their virtual servers this morning because of a bug that killed their systems when the clock clicked round to 12 August.

The bug was sent out to customers in ESX 3.5 update 2, VMware's latest hypervisor, which went out on 27 July. The version could have been downloaded and installed by thousands of customers since then.

Over the past 12 hours we’ve received angry reports from businesses and individuals affected by the cock-up.

VMware told El Reg it was aware of the problem. The firm’s group product marketing manager Martin Niemer said: “We are sending communication to all customers who have downloaded the software and we are aggressively working on a fix which should be within a short time frame.”

He declined to comment on how many customers would have been hit by the embarrassing date blunder. Niemer claimed that given it’s only been two weeks since ESX 3.5 update 2 was made available for download, it was unlikely that many people would have installed it in a live production environment.

But the firm’s forum suggests a different story. Since the problem first came to light, VMware's thread about the issue has been viewed more than 2,500 times.

We put that figure* to Niemer. “I cannot tell you how many customers but it only affects people who have downloaded since 27 July, so you can imagine it’s not a very big number of customers so far,” he said, before somewhat contradicting himself with this statement: “We know who they are and we’re going to contact them.”

Niemer was also unable to offer a time frame for when angry customers can expect to see a fix. “We cannot give an exact time frame but it should be within a few days... but I cannot give an exact date right now.”

We asked if the firm accepted that the bug was a major cock-up for VMware. “We’ve identified the problem and we’re working on the fix, and of course there’s going to be a post-mortem to understand what happened,” he said.

Niemer added that a work-around has been offered whereby customers should manually set the date of all ESX 3.5u2 hosts back to 10 August as a temporary fix. However, he accepted that this was not exactly a satisfactory solution for all businesses.

Some users have complained that doing this would contradict legal requirements that they must have the correct timestamps on their system.

Reg reader Duncan said VMware's FAIL represented a "fantastic bug for a company trying to embed itself into the modern computing world". While another reader, Eric, said the "time bomb" contained in the update was causing a lot of panic among businesses.

"Customers were fuming this morning having planned downtime for weeks. VMware has a lot of answering to do on this and no doubt share price will take a hit again," he said.

VMware said it will keep us up to date as to when a fix will be provided. In the meantime, anyone who has downloaded the update but not installed it is best advised to leave it gathering dust. ®

*At time of writing the thread has had more than 4,000 views.

Similar topics


Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021