VMware fixes bad patch for critical vCenter Server RCE flaw


VMware has released new patches for CVE-2024-38812, a critical remote code execution vulnerability in VMware vCenter Server, after determining that the initial patch issued in September 2024 did not fully address the flaw. Rated 9.8 on the CVSS scale, the vulnerability is a heap overflow in vCenter Server's implementation of the DCE/RPC protocol, and it also affects products that bundle vCenter Server, such as vSphere and VMware Cloud Foundation. The flaw was reported by researchers from team TZL during the 2024 Matrix Cup hacking contest. An attacker with network access to vCenter Server can trigger it by sending specially crafted network packets; no user interaction is required. VMware urges customers to apply the latest updates for vCenter Server 7.0.3, 8.0.2 and 8.0.3; older release lines will not receive patches. No workarounds are available, and no exploitation in the wild has been reported so far.
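Because the fix for CVE-2024-38812 was reissued, "I applied the September patch" is not enough: an inventory check has to compare each appliance's reported build against the minimum fixed build on its release line, and flag release lines that receive no fix at all. The following triage helper is an added example, not code from the original page or from VMware; it only hard-codes what the page states (the 7.0.3, 8.0.2 and 8.0.3 lines are patched, older lines are not). The minimum fixed build per line is an input that the operator must take from the Broadcom advisory, and the inventory rows and build thresholds below are constructed placeholder data, not real fixed-build numbers.

```python
"""Triage helper for CVE-2024-38812 exposure across a vCenter Server fleet.

Added example; not from the original page or from VMware. Works on the
version/build pair an appliance reports (the fields shown in the vSphere
Client under Help > About, and returned by the appliance REST endpoint
GET /api/appliance/system/version). The minimum fixed build for each
release line is deliberately NOT hard-coded: read it from the vendor
advisory and pass it in, so a reissued patch only changes the input.
"""
from dataclasses import dataclass
from typing import Iterable

# Release lines the page says have a fix; anything else gets none.
PATCHED_LINES = ("7.0.3", "8.0.2", "8.0.3")


@dataclass
class Verdict:
    host: str
    status: str   # "patched" | "vulnerable" | "unsupported" | "unknown"
    detail: str


def release_line(version: str) -> str:
    """Reduce a reported version such as '8.0.3.00400' to its line '8.0.3'."""
    return ".".join(version.strip().split(".")[:3])


def triage(host: str, version: str, build: str, min_fixed_build: dict) -> Verdict:
    """Classify one appliance.

    min_fixed_build maps a release line to the lowest build that carries the
    complete fix (operator-supplied from the advisory). Builds within a line
    only ever increase, so >= means the fix, or a later one, is present.
    """
    line = release_line(version)
    if line not in PATCHED_LINES:
        return Verdict(host, "unsupported", f"line {line} receives no fix; upgrade or isolate")
    if line not in min_fixed_build:
        return Verdict(host, "unknown", f"no minimum fixed build supplied for line {line}")
    try:
        build_num = int(build)
    except (TypeError, ValueError):
        return Verdict(host, "unknown", f"unparseable build {build!r}")
    threshold = min_fixed_build[line]
    if build_num >= threshold:
        return Verdict(host, "patched", f"build {build_num} >= fixed build {threshold}")
    return Verdict(host, "vulnerable", f"build {build_num} < fixed build {threshold}")


def triage_inventory(rows: Iterable[tuple], min_fixed_build: dict) -> list:
    """Run triage over (host, version, build) tuples; returns one Verdict per row."""
    return [triage(h, v, b, min_fixed_build) for h, v, b in rows]


# Constructed sample data. The build thresholds are placeholders standing in
# for the values published in the vendor advisory; they are NOT real builds.
SAMPLE_MIN_FIXED_BUILD = {"7.0.3": 24000000, "8.0.2": 24000000, "8.0.3": 24000000}
SAMPLE_INVENTORY = [
    ("vc-prod-01", "8.0.3.00400", "24100000"),   # on a patched line, at/after fix
    ("vc-prod-02", "8.0.3.00300", "23900000"),   # on a patched line, before fix
    ("vc-lab-01",  "7.0.3.01900", "23800000"),   # on a patched line, before fix
    ("vc-old-01",  "6.7.0.54000", "21800000"),   # line with no fix
    ("vc-odd-01",  "8.0.2.00100", "n/a"),        # build not reported
]

if __name__ == "__main__":
    for v in triage_inventory(SAMPLE_INVENTORY, SAMPLE_MIN_FIXED_BUILD):
        print(f"{v.host:12} {v.status:12} {v.detail}")
```

The "unsupported" verdict is the important one for this advisory: an appliance on a release line that VMware no longer patches cannot be brought into compliance by updating in place, so it needs an upgrade to a supported line or network isolation of its DCE/RPC exposure rather than a patch ticket.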
