VMware Cloud Community
palloveverma
Contributor

How to verify VMware Spectre / Meltdown remediation

We have applied the ESXi550-201801301-BG patch (hypervisor-specific mitigations for CVE-2017-5753 and CVE-2017-5715 - VMware Spectre / Meltdown remediation) to remediate one of our ESXi 5.5 hosts.

We have checked the installed VIBs after reboot using the "esxcli software vib list" command.

Now, we would like to know how we can verify that our host is stable so we can remediate the rest of the ESXi hosts.

Thank you,

Pallove

1 Solution

Accepted Solutions
aadi369
Enthusiast

There is no specific SOP or method to verify the VMware Spectre / Meltdown remediation. However, keep tracking the release of new updates from VMware for the same and keep updating.

----------------------------------------------------------------

If it is useful, please mark the answer as correct or helpful.

----------------------------------------------------------------


0 Kudos
5 Replies
IT_pilot
Expert

There is a PowerCLI script written by William Lam: https://www.virtuallyghetto.com/2018/01/verify-hypervisor-assisted-guest-mitigation-spectre-patches-...

http://it-pilot.ru
palloveverma
Contributor

Thank you!!

I'll have a look at this script.

I think VMware still has not added any microcode to their patch. Right now the patch includes only the hypervisor-specific mitigation.

0 Kudos
Techie01
Hot Shot

I can see the latest microcode for all of 5.5, 6.0 and 6.5. For which branch are you not able to see the microcode?

0 Kudos
rphoon
Contributor

VMware released the ESXixx0-201803401 and 02 patches 2 days ago, which include the patch to utilize the new CPU microcode released by Intel.

Details are mentioned in the blog post below which also includes links to Windows and Linux scripts on how to verify if your VMs are protected:

VMware Spectre Variant 2 CVE-2017-5715 released | RayPhoon's Virtualization and Networking Blog

0 Kudos
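
One way to check from inside a Linux VM whether the speculation-control CPU features for CVE-2017-5715 are visible to the guest. This is an added example, not taken from the thread or from the scripts it links to. It assumes the Linux flag names `ibrs`, `ibpb`, `stibp` (upstream) and `spec_ctrl`, `ibpb_support` (older distribution backports) and the kernel's `spectre_v2` sysfs file; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: guest-side view of the CVE-2017-5715 (Spectre v2) CPU features.
# Assumed flag names: ibrs/ibpb/stibp (upstream Linux) and
# spec_ctrl/ibpb_support (older distribution backports).

# Print the speculation-control flags found in /proc/cpuinfo text ($1).
spec_ctrl_flags() {
    printf '%s\n' "$1" | awk -F: '
        $1 ~ /^flags[ \t]*$/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) have[f[i]] = 1
        }
        END {
            m = split("ibrs ibpb stibp spec_ctrl ibpb_support", want, " ")
            for (i = 1; i <= m; i++)
                if (want[i] in have) out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# Combine the CPU flags ($1 = cpuinfo text) with the kernel's own verdict
# ($2 = contents of /sys/devices/system/cpu/vulnerabilities/spectre_v2).
guest_spectre_v2_status() {
    flags=$(spec_ctrl_flags "$1")
    case "$2" in
        Mitigation:*) kernel=mitigated ;;
        Vulnerable*)  kernel=vulnerable ;;
        *)            kernel=unknown ;;   # file absent on older kernels
    esac
    if [ -z "$flags" ]; then
        echo "not-visible kernel=$kernel"
    else
        echo "visible($flags) kernel=$kernel"
    fi
}

# Constructed sample inputs (not captured from a real VM).
SAMPLE_PATCHED='processor       : 0
flags           : fpu vme sse2 hypervisor ibrs ibpb stibp'
SAMPLE_UNPATCHED='processor       : 0
flags           : fpu vme sse2 hypervisor'

if [ "${1:-}" = "live" ]; then
    guest_spectre_v2_status "$(cat /proc/cpuinfo)" \
        "$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null)"
else
    guest_spectre_v2_status "$SAMPLE_PATCHED" "Mitigation: Full generic retpoline, IBPB"
    guest_spectre_v2_status "$SAMPLE_UNPATCHED" "Vulnerable"
fi
```

Run it with the argument `live` inside the guest to read the real files. If a VM on a patched host still reports `not-visible`, VMware's guidance for Hypervisor-Assisted Guest Mitigation requires virtual hardware version 9 or later and a full power cycle of the VM, not just a guest reboot.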