Meltdown / Spectre and VMware 5.5 and 5.1

We have a couple of vCenters with ESXi hosts, 5.5 and 5.1. Should we be concerned about all the hype over the Meltdown and Spectre vulnerabilities? I know it has caused havoc in the Microsoft world. What should we be concerned about in the VMware world?

Ajay Chanana (MCSE-2003/08 | RHCSA | VCP5/6 | vExpert2018) commented:
Patches have been released, so if you apply those you can avoid the above vulnerabilities.

Stay tuned for more information.

Ajay Chanana (MCSE-2003/08 | RHCSA | VCP5/6 | vExpert2018) commented:
5.1 is out of support, so I don't think there will be patches for it. I would recommend having your environment upgraded to be on the safer side.

For more information, please open a ticket with VMware on this.
Ajay Chanana (MCSE-2003/08 | RHCSA | VCP5/6 | vExpert2018) commented:
You may download the patch by following the KB below.

Please note that, other than the above, guest-side patching is also required.

btan (Exec Consultant) commented:
Virtually all machines, including VMware, are affected, as the underlying vulnerabilities are due to the Intel, AMD and ARM CPUs. It is unlikely that any hardware is not using this hardware. VMware released security advisory VMSA-2018-0002 in regard to the Meltdown and Spectre vulnerabilities.
VMSA-2018-0002 – VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

This advisory documents remediation for known variants of the Bounds-Check Bypass (CVE-2017-5753) and Branch Target Injection (CVE-2017-5715) issues due to speculative execution disclosed today by Google Project Zero. These issues may result in information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host.

A third issue due to speculative execution, Rogue Data Cache Load (CVE-2017-5754), was disclosed along the other two issues. It does not affect ESXi, Workstation, and Fusion because ESXi does not run untrusted user mode code, and Workstation and Fusion rely on the protection that the underlying operating system provides.
The remediation as documented in VMSA-2018-0002, has been present in VMware Cloud on AWS since early December 2017.

The short of it is that exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. Go to the advisory to patch the multiple VMware products affected:

  1. ESXi 5.5, 6.0, and 6.5 (install relevant patches: ESXi550-201709101-SG, ESXi600-201711101-SG, ESXi650-201712101-SG; ESXi 5.5 patch has remediation against CVE-2017-5715, but not against CVE-2017-5753)
  2. Workstation 12.x (update to 12.5.8)
  3. Fusion 8.x (update to 8.5.9)

Specific patch available
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware ESXi 6.5

VMware ESXi 6.0

VMware ESXi 5.5

VMware Workstation Pro, Player 12.5.8
Downloads and Documentation:

VMware Fusion Pro / Fusion 12.5.9
Downloads and Documentation:
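To turn the bulletin list in the answer above into a per-host triage, here is an added example (not part of the original thread and not VMware code). It assumes an inventory of `vmware -v` version strings plus the bulletin IDs already applied to each host; the host names, build numbers and inventory layout are constructed, and only an exact bulletin ID match is recognised.

```python
import re

# Bulletin IDs and CVE coverage as listed in the VMSA-2018-0002 summary quoted above.
ADVISORY = {
    "5.5": ("ESXi550-201709101-SG", {"CVE-2017-5715"}),  # no fix for CVE-2017-5753
    "6.0": ("ESXi600-201711101-SG", {"CVE-2017-5715", "CVE-2017-5753"}),
    "6.5": ("ESXi650-201712101-SG", {"CVE-2017-5715", "CVE-2017-5753"}),
}
# CVE-2017-5754 is left out: the advisory states it does not affect ESXi.
IN_SCOPE = {"CVE-2017-5715", "CVE-2017-5753"}

# Matches the output of `vmware -v`, e.g. "VMware ESXi 5.5.0 build-1111111".
VERSION_RE = re.compile(r"VMware ESXi (\d+\.\d+)\.\d+ build-(\d+)")

def triage(host, version_line, applied_bulletins):
    """Return status, required bulletin and still-open CVEs for one host."""
    result = {"host": host, "bulletin": None, "open_cves": sorted(IN_SCOPE)}
    m = VERSION_RE.search(version_line)
    if not m:
        return {**result, "status": "UNPARSED"}
    release = m.group(1)
    if release not in ADVISORY:
        # e.g. 5.1: the thread lists no bulletin for this release.
        return {**result, "status": "NO_BULLETIN_LISTED"}
    bulletin, fixed = ADVISORY[release]
    result["bulletin"] = bulletin
    if bulletin not in applied_bulletins:
        return {**result, "status": "MISSING_PATCH"}
    open_cves = sorted(IN_SCOPE - fixed)
    status = "PARTIAL" if open_cves else "PATCHED"
    return {**result, "status": status, "open_cves": open_cves}

# Constructed sample inventory: (host, `vmware -v` output, applied bulletin IDs).
INVENTORY = [
    ("esx-a", "VMware ESXi 5.1.0 build-1111111", set()),
    ("esx-b", "VMware ESXi 5.5.0 build-2222222", {"ESXi550-201709101-SG"}),
    ("esx-c", "VMware ESXi 6.0.0 build-3333333", set()),
    ("esx-d", "VMware ESXi 6.5.0 build-4444444", {"ESXi650-201712101-SG"}),
]

def report(inventory):
    return [triage(*row) for row in inventory]

if __name__ == "__main__":
    for r in report(INVENTORY):
        cves = ", ".join(r["open_cves"]) or "none"
        print(f'{r["host"]}: {r["status"]} (bulletin: {r["bulletin"]}; open: {cves})')
```

Guest operating systems still need their own patches, as noted earlier in the thread; this check covers the hypervisor only.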
Giridhara Raam M (Digital Marketing Specialist) commented:
Mitigate @intel bugs,

Join this free webinar titled "How to mitigate Meltdown and Spectre bugs" on Jan 10, 11:00 am EDT to get hands-on experience.

btan (Exec Consultant) commented:
For author advice