VMware Prevents Some Perpetual License Holders From Downloading Patches

An anonymous reader quotes a report from The Register: Some customers of Broadcom's VMware business currently cannot access security patches, putting them at greater risk of attack. Customers in that perilous position hold perpetual licenses for VMware products but do not have a current support contract with Broadcom, which will not renew those contracts unless users sign up for software subscriptions. Yet many customers in this situation run products that Broadcom continues to support with patches and updates.

In April 2024, Broadcom CEO Hock Tan promised 'free access to zero-day security patches for supported versions of vSphere' so customers 'are able to use perpetual licenses in a safe and secure fashion.' VMware patches aren't freely available; users must log on to Broadcom's support portal to access the software. Some VMware users in this situation have told The Register that when they enter the portal they cannot download patches, and that VMware support staff have told them it may be 90 days before the software fixes become available. 'Because our support portal requires validation of customer entitlements for software patches, only entitled customers have access to the patches at this time,' a VMware spokesperson said. 'A separate patch delivery cycle will also be available for non-entitled customers and will follow at a later date.'

The timing of that 'later date' remains uncertain. The Register also notes that 'users haven't had access to patches since May.'

Read more of this story at Slashdot.