Spectre & Meltdown Update

So it seems that the microcode patches VMware released with its recent Security Advisory (VMSA-2018-0004) have been pulled:
https://kb.vmware.com/s/article/52345
So that’s ESXi650-201801402-BG, ESXi600-201801402-BG, or ESXi550-201801401-BG.

The microcode patch provided by Intel was buggy, and there seem to be issues when VMs access the new speculative execution control mechanism (Haswell & Broadwell processors). However, I can’t seem to find much about what these issues are…

For the time being, if you haven’t applied one of those microcode patches, VMware recommends that you don’t, and that you apply the patches listed in VMSA-2018-0002 instead.

If you have applied the latest patches, you will have to edit the config files of each ESXi host, add a line that hides the new speculative execution control mechanism, and reboot the VMs on that host. Detailed information can be found in the KB above.

Finally, William Lam has created a very handy PowerCLI script that reports on your existing vSphere environment and helps identify whether you have hosts that are impacted by Spectre and this new Intel Sighting issue: https://www.virtuallyghetto.com/2018/01/verify-hypervisor-assisted-guest-mitigation-spectre-patches-using-powercli.html

vSphere Patch released to resolve APD errors

Finally, VMware have patched the problem with the previous vSphere update that ended up causing All Paths Down errors with NFS storage, which I blogged about here: https://thevirtualunknown.wordpress.com/2014/04/24/intermittent-nfs-all-paths-down-on-esxi-5-5-u1-upgrade/

ESXi 5.5 Express Patch 04 has resolved this issue, so any customers with NFS storage should be able to safely patch their VMware environment to resolve the OpenSSL Heartbleed vulnerability without fear of losing their storage connectivity! =)

For more information about the patch, visit the KB: http://kb.vmware.com/kb/2077360

VMware have also released an update to vCenter Server to address a few issues. For more information about this update, have a look at the release notes: https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1b-release-notes.html