Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit.
https://threatpost.com/cisa-orders-federal-agencies-to-fix-actively-exploited-windows-bug/178270/
Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover
-
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.
https://threatpost.com/unpatched-vmware-bug-hypervisor-takeover/177428/