Andy's VMware vSphere tip#8: Spectre and Meltdown....Have you patched your server yet? It's almost 5 months since this Security Flaw was found in Intel CPUs, and we are still finding many VMs, and Hosts in the wild which are still not patched!

Remember this actually requires a little bit of work... To successfully patch against Spectre and Meltdown, you must:-

1. Update the BIOS and Firmware, and maybe CPU microcode in the Host ESXi Server. Some BIOS updates update the microcode for you. Check with your Server Vendor, some server vendor have been very slow to release new BIOS/Firmware/Microcode updates, and some servers may be now end of life, as server vendor may not release new code.

2. Update vCenter Server to 6.5 U1g, 6.0 U3e or 5.5 U3h.

3. Update the ESXi Build to the latest versions

ESXi 6.5: ESXi650-201803401-BG* and ESXi650-201803402-BG**
ESXi 6.0: ESXi600-201803401-BG* and ESXi600-201803402-BG**
ESXi 5.5: ESXi550-201803401-BG* and ESXi550-201803402-BG**

4. Update VMware Tools and all virtual machine hardware versions to 11.

5. Update Guest VM with latest updates.

6. You can then sit back, you are patched!

https://kb.vmware.com/s/article/52085

https://blogs.vmware.com/services-education-insights/feed-items/meltdown-and-spectre-vmware-patches#

https://blogs.vmware.com/feed-items/vmware-releases-patches-for-meltdown-and-spectre-bug/

If you need to discuss this further please, post a question to the VMware topic area.
1

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month