Hey there
Im setting up my first private ESXi for testing purposes..
I have installed ESXi 6.7.0U3 (Build 15160138) with a custom ISO (Realtek driver)..
I'm now getting this message:
and I am honestly not sure what I have to do now.. I've read through the article but I have no clue how to update or if I even have to? (6.7.0U3 is pretty new compared to the CVE.. isn't this fix already integrated in this version?)
Would be happy about some help :smileylaugh:
Welcome to the Community,
the mentioned KB article (and the links in it) explain the possible risks, and impacts, so make sure you are aware of this.
However, for private use you may simply disable the warning (see the Resolution section in https://kb.vmware.com/s/article/57374)
André
Hey André!
Ty for this article.. I will be hosting some applications that will be available for a few friends that know my Domain.. So I would definetly give this patch a shot.
I have read this article and the others (the one mentioned in the info message) but I still don't know how to install them :smileyplain:
Is there a way of doing it with a command ? If so, what would the command be to install this/these patches?
Best Regards,
Lukas
It's an advanced setting rather than a patch, and you can find the instructions in sections 3b at https://kb.vmware.com/s/article/55806
André
a.p. has already directed you to the right place. As you are doing this in your own lab, you can either enable one of the mitigations (SCAv1 or SCAv2) or suppress the warning. Worth enabling one of the mitigations if you haven't done so before, after all, that is the purpose of a lab
This is the summary from the article showing the mitigation options.
hyperthreadingMitigation | hyperthreadingMitigationIntraVM | Scheduler Enabled |
FALSE | TRUE or FALSE | Default scheduler (unmitigated) |
TRUE | TRUE | SCAv1 (Most Secure) |
TRUE | FALSE | SCAv2 (Balanced Security/Performance |
Okay.. so I don't have to download ESXi670-201808001 but only do this?
Okay.. so I don't have to download ESXi670-201808001 but only do this?
You've already installed the latest build, which includes all previous fixes. So all you need to do is to make the settings.
André