This discussion thread is created to answer any questions you may have on the latest VMware Vulnerability VMSA-2021-0010.
Please review the documentation below, as this may answer any questions you have:
VMware Security Advisory - VMSA-2021-0010
VMware Blog - VMSA-2021-0010: What You Need to Know
In addition, answers to frequently asked questions are documented here - VMSA-2021-0010-FAQs
Step-by-step procedures to update vCenter Server :
Step by step procedure to update vCenter Server 7.0 appliance
Step by step procedure to update vCenter Server 6.7 appliance
Step by step procedure to update vCenter Server 6.5 appliance
Step by step procedure to update Windows vCenter Server 6.5/6.7
@Wompfel These vulnerabilities are impacting only listed plugins in HTML Client which was introduced in vCenter Server 6.5. So, Plugins in vCenter Server 6.0 are not impacted by this VMSA. Hope it helps.
@padhillon I tried with a different account as well and 6.5 U3p is visible in the Download Screen. Can you please share a screenshot of available downloads from My VMware -> All Products -> 6.5 (attached a sample screenshot - vCenterServerDownloadScreenshot.pdf)
There is no clear indication about the downloadable patch for vCenter Server 6.5 running on Windows Platform.
Can you please guide us about the applicable update version with latest build number for vCenter6.5 running on Windows?
And also share the exact download location for the same.
Note: It's not about vCenter server appliance. It's about vCenter on Windows OS.
@padhillon You may download 6.5 U3p Windows vCenter Server ISO from the below link:
https://my.vmware.com/group/vmware/downloads/details?downloadGroup=VC65U3P&productId=614&rPId=67485
Step-by-step procedure on how to update vCenter Server 6.5 Windows:
https://communities.vmware.com/t5/vSphere-Upgrade-Install/Step-by-step-procedure-to-update-windows-v...
The latest downloadable version I can find on that link is below:
VMware vCenter Server 6.5U3n
Name:Release Date:Build Number:
VMware-VIM-all-6.5.0-17590285.iso
2021-02-23
17590285
However, the new advisory for 25th May shows below as per release notes for Windows:
vCenter Server 6.5 Update 3p | 25 MAY 2021 | ISO Build 17994927
vCenter Server Appliance 6.5 Update 3p | 25 MAY 2021 | ISO Build 17994927
Two different versions and different patch level with different build numbers.
@padhillon Thanks for the update. The link I shared was a direct link for 65U3p (VMSA fixed version), screenshot attached. I am currently checking with a different account, will keep you updated.
@baijup Can you tell me, if there are any actions to be taken, for previous than 6.5 versions?
I still have a vCenter with the following version: 6.0.0. Build 3634794
(Planned to be updated)
vCenter Server before 6.5 have no HTML5 client, so currently I'm not sure if I have to or can do anything. Cause there is also a "VMware Virtual SAN Health Service", but the vCenter is running with flash.
Thanks a lot in advance.
@RADunton I'm not sure about vCenter 7.0, but for 6.7 you sure have the information, that it reloads / deploys the plugins cause you re-started the appliance.
But for the one you excluded, there should be something similar to this:
Thanks. I don't see anything like that. I'll get a case open for it.
@Wompfel These vulnerabilities are impacting only listed plugins in HTML Client which was introduced in vCenter Server 6.5. So, Plugins in vCenter Server 6.0 are not impacted by this VMSA. Hope it helps.
@padhillon I tried with a different account as well and 6.5 U3p is visible in the Download Screen. Can you please share a screenshot of available downloads from My VMware -> All Products -> 6.5 (attached a sample screenshot - vCenterServerDownloadScreenshot.pdf)
Thank you @baijup , you did a great help. I am able to get it now by following the document you shared. Earlier, it was taking me to Appliance updates and to the last available update for windows U3n only in update section.
Yes, thank you!