- ESXi is affected only by Spectre, and all patches for ESXi 5.5 and above have been released.
- ESXi is NOT affected by Meltdown as it does not have untrusted user access.
- We heard that the patches affect performance. Will these patches from VMware affect the performance of the hypervisor?
The ESXi patches have no measurable performance impact, but guest-level patching might. The guest OS vendor is the right contact to comment on this, e.g. Microsoft.
- Other than patching ESXi and the OS, is there anything else to take note of?
VM hardware must be upgraded in order for the patches to work. Virtual Hardware Version 9 is the minimum requirement for Hypervisor-Assisted Guest Mitigation for branch target injection (CVE-2017-5715) because the MSR bit is exposed in this version. Hardware version 11 is the recommended version because PCID on the CPU is exposed in this version.
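As an added example (not from VMware or the original post), this Python script audits `.vmx` file contents against the hardware-version thresholds stated above. The VM names and sample `.vmx` contents are constructed, and it assumes the standard `virtualHW.version` and `displayName` keys of a `.vmx` file.

```python
import re

# Thresholds taken from the FAQ answer above.
MIN_HW_FOR_MITIGATION = 9   # MSR bit exposed to the guest from this version
MIN_HW_FOR_PCID = 11        # PCID exposed to the guest from this version

# A .vmx setting line looks like: key = "value"
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return key -> value from .vmx text; keys are lower-cased."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def classify(text):
    """Map one VM's .vmx text to (name, hw_version, status)."""
    cfg = parse_vmx(text)
    name = cfg.get("displayname", "<unnamed>")
    raw = cfg.get("virtualhw.version")
    if raw is None or not raw.isdigit():
        return name, None, "unknown"       # key missing or malformed
    hw = int(raw)
    if hw < MIN_HW_FOR_MITIGATION:
        return name, hw, "upgrade-required"
    if hw < MIN_HW_FOR_PCID:
        return name, hw, "minimum-met"      # mitigation works, no PCID
    return name, hw, "recommended"

def audit(samples):
    return [classify(s) for s in samples]

# Constructed sample .vmx contents (not taken from real systems).
SAMPLES = [
    '.encoding = "UTF-8"\nvirtualHW.version = "8"\ndisplayName = "legacy-app01"\n',
    '# cloned VM\nvirtualHW.version = "10"\ndisplayName = "web01"\n',
    'displayName = "db01"\nvirtualHW.version = "13"\n',
    'displayName = "template-broken"\n',
]

if __name__ == "__main__":
    for name, hw, status in audit(SAMPLES):
        print(f"{name:16} hw={hw!s:5} {status}")
```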
- I am running vCenter on Windows, do I need to patch vCenter?
Yes, please download the latest patches for your vCenter together with those for ESXi. Follow the same process as for upgrading.
- How will VMs running Windows XP, 2003, Windows 2000 and other legacy OSes be impacted?
OS vendors should provide the patches. In this case, Microsoft does not provide patches for legacy OSes, so there will be no solution.
- Do I need to install the BIOS patch from the server vendor if I have applied the ESXi patches?
Yes, it is best to apply the server vendor's BIOS patches if available, as the server vendor might provide additional components specific to their server hardware.
Follow the server vendor's BIOS update. The ESXi patches have been retracted following Intel's instruction.
- If I have applied the server BIOS patches, do I still apply the VMware ESXi patches?
ESXi will only push microcode to the hardware if the hardware's microcode is older.
No more ESXi patches.
- I am using the server vendor's custom ESXi ISO, but it is not updated. Can I apply the patches from VMware?
Yes, you can apply these patches to a custom ISO. Please check with your hardware vendor for any special changes they might have.
No more ESXi patches.
- How do I know if my CPU has updated microcode from Intel?
Please check https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr.
Refer to security advisories
- https://www.vmware.com/security/advisories/VMSA-2018-0004.html supersedes https://www.vmware.com/security/advisories/VMSA-2018-0002.html
Steps to apply patches to ESXi servers
- Which virtual appliances in VMware products are affected or not; the performance impact will also be updated
Update 15th Jan 2018
The ESXi patch update has been removed. Only the vCenter update applies. Follow the KB update.
Update 13th Jan 2018
Following Intel's update, please follow https://kb.vmware.com/s/article/52345 for Intel Haswell and Broadwell processors