VMware launch patch Spectre & Meltdown

VMware has released patches for Spectre and Meltdown to fix these CPU security issues. The upgrades (vCenter) and patches (vSphere) were released this week.

We have already discussed this subject HERE on the blog; now we finally have some updates to fix this problem.

The VMware Security Advisories webpage lists the latest remediation for these vulnerabilities in advisory VMSA-2018-0004.3.

These are the main product updates:

  • VMware vCenter Server
  • VMware vSphere ESXi (ESXi)
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • vCenter 6.5 update U1g
  • vCenter 6.0 update U3e
  • vCenter 5.5 update U3h (if you are still using this version, you should upgrade, since it is EOL on September 19, 2018)
  • ESXi 6.5 ESXi650-201803401-BG – ESXi650-201803402-BG
  • ESXi 6.0 ESXi600-201803401-BG – ESXi600-201803402-BG
  • ESXi 5.5 ESXi550-201803401-BG – ESXi550-201803402-BG (if you are still using this version, you should upgrade, since it is EOL on September 19, 2018)

Not all VMware products, vSAN for example, have updates to mitigate these issues yet, but these are the updates for the major issues and VMware products. VMware is still working on patches for the rest of the products.

Important notes:

VMware Requirements

  • Deploy the updated version of vCenter Server listed in the table (if vCenter Server is used).
  • Deploy the ESXi patches and/or the new versions for Workstation or Fusion listed in the table.
  • Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended. VMware Knowledge Base Article 1010675 discusses Hardware Versions.

Third party Requirements

  • Deploy the Guest OS patches for CVE-2017-5715. These patches are to be obtained from your OS vendor.
  • Update the CPU microcode. Additional microcode is needed for your CPU to be able to expose the new MSRs that are used by the patched Guest OS. This microcode should be available from your hardware platform vendor.

It is essential to upgrade vCenter first and then apply the patches in vSphere.
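To confirm from inside a Linux guest that the requirements above (host microcode, ESXi patch, VM hardware version, guest OS patch) actually took effect, here is an added example that is not from VMware or the original post. It assumes a Linux guest, the flag names Linux prints in /proc/cpuinfo, and the kernel's sysfs spectre_v2 entry; the sample inputs are constructed.

```python
from pathlib import Path

# Flag names Linux kernels print in /proc/cpuinfo when the speculation-control
# CPUID bits (backed by the new MSRs) are visible; names vary by kernel version.
SPEC_CTRL_FLAGS = {"ibrs", "ibpb", "stibp", "spec_ctrl"}

def cpu_flags(cpuinfo_text):
    """Return the flag set of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

def assess(cpuinfo_text, spectre_v2_status):
    """Classify a guest; spectre_v2_status is None if the sysfs entry is absent."""
    flags = cpu_flags(cpuinfo_text)
    exposed = sorted(flags & SPEC_CTRL_FLAGS)
    virtualized = "hypervisor" in flags
    findings = []
    if spectre_v2_status is None:
        findings.append("no spectre_v2 sysfs entry: apply the guest OS patches")
    elif not spectre_v2_status.startswith("Mitigation"):
        findings.append("guest kernel reports: " + spectre_v2_status)
    if not exposed:
        # Inside a VM the bits only appear once every layer below is updated.
        where = ("vCenter/ESXi patches, VM hardware version, host microcode"
                 if virtualized else "CPU microcode")
        findings.append("no speculation-control flags visible: check " + where)
    return {"exposed": exposed, "virtualized": virtualized,
            "ok": not findings, "findings": findings}

def read_guest(root="/"):
    """Run the assessment against the live system (Linux only)."""
    cpuinfo = Path(root, "proc/cpuinfo").read_text()
    vuln = Path(root, "sys/devices/system/cpu/vulnerabilities/spectre_v2")
    status = vuln.read_text().strip() if vuln.exists() else None
    return assess(cpuinfo, status)

# Constructed sample inputs (not captured from a real system).
SAMPLE_PATCHED = "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor ibrs ibpb stibp\n"
SAMPLE_UNPATCHED = "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor\n"

if __name__ == "__main__":
    print(assess(SAMPLE_PATCHED, "Mitigation: Full generic retpoline, IBPB, IBRS_FW"))
    print(assess(SAMPLE_UNPATCHED, None))
```

On a real guest, call `read_guest()` instead of the sample inputs.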

More information and details in:

Hypervisor-Assisted Guest Mitigation for Branch Target injection (52085)

VMware Response to Speculative Execution security issues: 52245 52337

©2018 ProVirtualzone. All Rights Reserved
March 22nd, 2018 | VMware Posts

About the Author:

I have over 20 years of experience in the IT industry. I have been working with Virtualization for more than 15 years (mainly VMware). I recently obtained certifications, including VCP DCV 2022, VCAP DCV Design 2023, and VCP Cloud 2023. Additionally, I have VCP6.5-DCV, VMware vSAN Specialist, vExpert vSAN, vExpert NSX, vExpert Cloud Provider for the last two years, and vExpert for the last 7 years and an old MCP. My specialties are Virtualization, Storage, and Virtual Backup. I am a Solutions Architect in the area of VMware, Cloud and Backup / Storage. I am employed by ITQ, a VMware partner, as a Senior Consultant. I am also a blogger and owner of the blog ProVirtualzone.com and recently a book author.