VMware has released patches for Spectre & Meltdown to fix these CPU security issues. The upgrades (vCenter) and patches (vSphere) were released this week.
We have discussed this subject here on the blog; now we finally have some updates to fix this problem.
The VMware Security Advisories webpage lists the latest remediation for these security vulnerabilities in VMSA-2018-0004.3.
These are the main product updates:
- VMware vCenter Server
- VMware vSphere ESXi (ESXi)
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- vCenter 6.5 update U1g
- vCenter 6.0 update U3e
- vCenter 5.5 update U3h (if you are still using this version you should upgrade, since it is EOL on September 19, 2018)
- ESXi 6.5 ESXi650-201803401-BG – ESXi650-201803402-BG
- ESXi 6.0 ESXi600-201803401-BG – ESXi600-201803402-BG
- ESXi 5.5 ESXi550-201803401-BG – ESXi550-201803402-BG (if you are still using this version you should upgrade, since it is EOL on September 19, 2018)
Not all VMware products, vSAN for example, have updates to mitigate these issues yet, but these are the updates for the major issues and the main VMware products. VMware is still working on patches for the rest of the products.
Important notes:
VMware Requirements
- Deploy the updated version of vCenter Server listed in the table (if vCenter Server is used).
- Deploy the ESXi patches and/or the new versions for Workstation or Fusion listed in the table.
- Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended. VMware Knowledge Base Article 1010675 discusses Hardware Versions.
Third party Requirements
- Deploy the Guest OS patches for CVE-2017-5715. These patches are to be obtained from your OS vendor.
- Update the CPU microcode. Additional microcode is needed for your CPU to be able to expose the new MSRs that are used by the patched Guest OS. This microcode should be available from your hardware platform vendor.
It is essential to upgrade vCenter first and then apply the patches in vSphere.
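A check for the VM-side requirements above, as an added example that is not from the original post or from VMware: it reads the `virtualHW.version` key from a VM's .vmx file and the `flags` lines of a Linux guest's /proc/cpuinfo. The CPU flag names are an assumption that depends on the guest kernel, and the sample inputs are constructed.

```python
import re

MIN_HW, RECOMMENDED_HW = 9, 11  # thresholds stated in the article
# Assumption: Linux names for the speculation-control CPU features; the exact
# set shown in /proc/cpuinfo depends on the guest kernel and CPU vendor.
SPEC_FLAGS = {"spec_ctrl", "ibrs", "ibpb", "stibp"}

# Constructed sample inputs (not taken from a real VM).
VMX_OLD = 'config.version = "8"\nvirtualHW.version = "8"\nguestOS = "rhel7-64"\n'
VMX_NEW = 'config.version = "8"\nvirtualHW.version = "11"\nguestOS = "rhel7-64"\n'
CPUINFO_UNPATCHED = "processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae\n"
CPUINFO_PATCHED = ("processor\t: 0\nflags\t\t: fpu vme tsc msr ibrs ibpb stibp\n"
                   "processor\t: 1\nflags\t\t: fpu vme tsc msr ibrs ibpb stibp\n")

def hw_version(vmx_text):
    """Return the virtual hardware version from .vmx text, or None."""
    m = re.search(r'^\s*virtualHW\.version\s*=\s*"(\d+)"', vmx_text, re.I | re.M)
    return int(m.group(1)) if m else None

def guest_spec_flags(cpuinfo_text):
    """Return the speculation-control flags that every vCPU reports."""
    per_cpu = [set(line.split(":", 1)[1].split())
               for line in cpuinfo_text.splitlines()
               if line.startswith("flags") and ":" in line]
    return set.intersection(*per_cpu) & SPEC_FLAGS if per_cpu else set()

def assess(vmx_text, cpuinfo_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    hw = hw_version(vmx_text)
    if hw is None:
        findings.append("FAIL: virtualHW.version not found in .vmx")
    elif hw < MIN_HW:
        findings.append(f"FAIL: hardware version {hw} is below {MIN_HW}")
    elif hw < RECOMMENDED_HW:
        findings.append(f"WARN: hardware version {hw}; {RECOMMENDED_HW}+ recommended")
    if not guest_spec_flags(cpuinfo_text):
        findings.append("FAIL: guest sees no speculation-control CPU features "
                        "(check ESXi patch, microcode and guest OS patch)")
    return findings

if __name__ == "__main__":
    for line in assess(VMX_OLD, CPUINFO_UNPATCHED) or ["OK"]:
        print(line)
```

On a real system, pass the contents of the VM's .vmx file and the guest's /proc/cpuinfo instead of the sample strings.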
More information and details in:
Hypervisor-Assisted Guest Mitigation for Branch Target injection (52085)
VMware Response to Speculative Execution security issues: 52245 52337