/VMware launch patch Spectre & Meltdown

VMware launch patch Spectre & Meltdown

VMware launch patch Spectre & Meltdown to fix these security issues with CPU. The upgrades (vCenter) and patches (vSphere) were launched this week.

VMware launch patch Spectre & Meltdown

We have discussed this subject HERE on the blog; now we have some updates to fix this problem finally.

The VMware Security Advisories webpage displays the latest remediation for security vulnerabilities VMSA-2018-0004.3.

These are the main products updates:

  • VMware vCenter Server
  • VMware vSphere ESXi (ESXi)
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • vCenter 6.5 update U1g
  • vCenter 6.0 update U3e
  • vCenter 5.5 update U3h (if you are still using this version you should upgrade since is EOL on September 19, 2018.)
  • ESXi 6.5 ESXi650-201803401-BG – ESXi650-201803402-BG
  • ESXi 6.0 ESXi600-201803401-BG – ESXi600-201803402-BG
  • ESXi 5.5 ESXi550-201803401-BG – ESXi550-201803402-BG (if you are still using this version you should upgrade since is EOL on September 19, 2018)

Not all VMware products have updates to mitigate this issues, like vSAN, but these are the updates for the major issues and VMware products. VMware is still working patches for the rest of the products.

VMware launch patch Spectre & Meltdown

Important notes:

VMware Requirements

  • Deploy the updated version of vCenter Server listed in the table (if vCenter Server is used).
  • Deploy the ESXi patches and/or the new versions for Workstation or Fusion listed in the table.
  • Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended. VMware Knowledge Base Article 1010675 discusses Hardware Versions.

Third party Requirements

  • Deploy the Guest OS patches for CVE-2017-5715. These patches are to be obtained from your OS vendor.
  • Update the CPU microcode. Additional microcode is needed for your CPU to be able to expose the new MSRs that are used by the patched Guest OS. This microcode should be available from your hardware platform vendor.

Is essential to upgrade first vCenter and then apply the patches in vSphere.

More information and details in:

Hypervisor-Assisted Guest Mitigation for Branch Target injection (52085)

VMware Response to Speculative Execution security issues: 52245 52337

Note: Share this article, if you think it is worth sharing.

©2018 ProVirtualzone. All Rights Reserved
By | 2018-03-22T20:52:22+01:00 March 22nd, 2018|VMware Posts|0 Comments

About the Author:

I am over 20 years’ experience in the IT industry. Working with Virtualization for more than 10 years (mainly VMware). I am an MCP, VCP6.5-DCV, VMware vSAN Specialist, Veeam Vanguard 2018/2019, vExpert vSAN 2018/2019 and vExpert for the last 4 years. Specialties are Virtualization, Storage, and Virtual Backups. I am working for Elits a Swedish consulting company and allocated to a Swedish multinational networking and telecommunications company as a Teach Lead and acting as a Senior ICT Infrastructure Engineer. I am a blogger and owner of the blog ProVirtualzone.com

Leave A Comment