Spectre Vulnerability and VMware virtual machines

I had an interesting question posed to me last week regarding the Spectre vulnerability and virtual machines: “If I patch the hypervisor, does that mean I do not need to patch the guest operating systems?”

The answer to that is no. According to the VMware Security & Compliance Blog, “For these patches to be fully functional in a guest OS additional ESXi and vCenter Server updates will be required”. This would include all guest OSes on the host.

Here is a link to a good post on how to create a baseline in VUM to do the patch.

If you need to do an individual install of the patch, you can run a search for it on the product patch site: https://my.vmware.com/group/vmware/patch#search

The patch itself is around 500MB.

ESXi 6.5 – ESXi650-201712101-SG
ESXi 6.0 – ESXi600-201711101-SG
ESXi 5.5 – ESXi550-201709101-SG

https://kb.vmware.com/s/article/2151132 has all the info about the patch and instructions on how to run it locally.

To understand what performance impacts you may have: https://access.redhat.com/articles/3307751

