Spectre Vulnerability and VMware virtual machines

I had an interesting question posed to me last week regarding the Spectre vulnerability and virtual machines: “If I patch the hypervisor, does that mean I do not need to patch the guest operating systems?”

The answer to that is no. According to the VMware Security & Compliance Blog, “For these patches to be fully functional in a guest OS additional ESXi and vCenter Server updates will be required”. This would include all guest OS on the host.

Here is a link to a good post on how to create a baseline in VUM to do the patch.

If you need to do an individual install of the patch, you can search for it on the product patch site: https://my.vmware.com/group/vmware/patch#search

The patch itself is around 500MB.

ESXi 6.5 – ESXi650-201712101-SG
ESXi 6.0 – ESXi600-201711101-SG
ESXi 5.5 – ESXi550-201709101-SG

https://kb.vmware.com/s/article/2151132 has all the information about the patch and instructions on how to run it locally.

To understand what performance impacts you may have: https://access.redhat.com/articles/3307751


End of General Support for vSphere 5.5 is September 19, 2018

The end will come sooner than you think. Don’t forget to plan ahead and upgrade to the latest version.

The End of General Support for vSphere 5.5 is September 19, 2018. To maintain your full level of support and subscription, VMware recommends upgrading to vSphere 6.5, or newer. VMware has extended the general support for vSphere 6.5 to a full five years from date of release, which means the general support for vSphere 6.5 will end November 15, 2021. For more information on the benefits of upgrading and how to upgrade, visit the VMware vSphere Upgrade Center.

If you would like assistance in moving to a newer version of vSphere, VMware’s vSphere Upgrade Service is available. This service delivers a comprehensive guide to upgrading your virtual infrastructure. It includes recommendations for planning and testing the upgrade, the actual upgrade itself, validation guidance and rollback procedures. For more information contact your Technical Account Manager or visit VMware Professional Services.

In the event you are unable to upgrade before the End of General Support (EOGS) and are active on Support and Subscription, you have the option to purchase extended support in one-year increments for up to two years beyond the EOGS date. The price of Extended Support is $300,000 per product per year. Visit VMware Extended Support for more information.

Technical Guidance for vSphere 5.5 is available until September 19, 2020 primarily through the self-help portal. During the Technical Guidance phase, VMware does not offer new hardware support, server/client/guest OS updates, new security patches or bug fixes unless otherwise noted. For more information, visit VMware Lifecycle Support Phases.