For those who responded quickly to Meltdown and Spectre by applying security patches to their ESXi environment, it can be a bit frustrating to learn that VMware pulled those packages a few days after they were released.
This is related to a reboot issue in the recent CPU microcode updates released by Intel, and both vendors ask for some time to provide a revised version of the firmware.
Currently, VMware urges customers to apply the latest patches (released on January 9, 2018) to vCenter Server and VCSA as follows:
- VMware vCenter Server 6.5 Update 1e,
- VMware vCenter Server 6.0 Update 3d,
- VMware vCenter Server 5.5 Update 3g.
More information (and possibly updates) will come next week.
Meanwhile, here are a few more articles that are worth reading:
- Firmware Updates And Initial Performance Data For Data Center Systems,
- VMware Performance Impact for CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown),
- Hypervisor-Assisted Guest Mitigation for Branch Target Injection.
25/01/2018 – Update 1: Two more articles that seem to be quite helpful are as follows:
- VMware Virtual Appliances and CVE-2017-5753, CVE-2017-5715 (Spectre), CVE-2017-5754 (Meltdown),
- Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell EMC products (Dell Enterprise Servers, Storage and Networking).
09/02/2018 – Update 2: VMware released a new security advisory (VMSA-2018-0007) on mitigating CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 in VMware Virtual Appliances.
12/02/2018 – Update 3: Another excellent summary of the subject: Meltdown and Spectre: far from the solution?
25/02/2018 – Update 4: Over the last week, Dell EMC released new BIOS versions for 13G and 14G server platforms. Still, it will take some time for VMware to update their HCL with the supported configurations. Meanwhile, it is recommended to apply Photon OS security patches to VCSA 6.5 as per the following article: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vcenter-server-appliance-photonos-security-patches.html