Contributor

How to verify VMware Spectre / Meltdown remediation


We have applied the ESXi550-201801301-BG patch (hypervisor-specific mitigations for CVE-2017-5753 and CVE-2017-5715 - VMware Spectre / Meltdown remediation) to remediate one of our ESXi 5.5 hosts.

We have checked the installed VIBs after reboot using the "esxcli software vib list" command.

Now, we would like to know how we can verify that our host is stable so we can remediate the rest of the ESXi hosts.

Thank you,

Pallove

1 Solution

Accepted Solutions
Enthusiast

There is no specific SOP or method to verify VMware Spectre / Meltdown remediation. However, keep tracking the release of new updates from VMware for the same and keep updating.

----------------------------------------------------------------

If it is useful, please mark the answer as correct or helpful.

----------------------------------------------------------------


0 Kudos
5 Replies
Expert

There is a PowerCLI script written by William Lam: https://www.virtuallyghetto.com/2018/01/verify-hypervisor-assisted-guest-mitigation-spectre-patches-...

http://it-pilot.ru
Contributor

Thank you !!

I'll have a look at this script.

I think VMware still has not added any microcode to their patch. Right now the patch includes only the hypervisor-specific mitigation.

0 Kudos
Hot Shot

I can see the latest microcode for all of 5.5, 6.0 and 6.5. For which branch are you not able to see the microcode?

0 Kudos
Contributor

VMware released the ESXixx0-201803401 and 02 patches 2 days ago, which include the patch to utilize the new CPU microcode released by Intel.

Details are mentioned in the blog post below which also includes links to Windows and Linux scripts on how to verify if your VMs are protected:

VMware Spectre Variant 2 CVE-2017-5715 released | RayPhoon's Virtualization and Networking Blog

0 Kudos