We have applied the ESXi550-201801301-BG patch (hypervisor-specific mitigations for CVE-2017-5753 and CVE-2017-5715 - VMware Spectre / Meltdown remediation) to remediate one of our ESXi 5.5 hosts.
We have checked the installed VIBs after reboot using the "esxcli software vib list" command.
Now, we would like to know how we can verify that our host is stable so we can remediate the rest of the ESXi hosts.
Thank you,
Pallove
There is no specific SOP or method to verify the VMware Spectre / Meltdown remediation. However, keep tracking the release of new updates from VMware for the same and keep updating.
----------------------------------------------------------------
If it is useful, please mark the answer as correct or helpful.
----------------------------------------------------------------
There is a PowerCLI script written by William Lam: https://www.virtuallyghetto.com/2018/01/verify-hypervisor-assisted-guest-mitigation-spectre-patches-...
Thank you!!
I'll have a look at this script.
I think VMware still has not added any microcode to their patch. Right now the patch has only hypervisor-specific mitigation included.
I can see the latest microcode for all of 5.5, 6.0 and 6.5. For which branch are you not able to see the microcode?
VMware released the ESXixx0-201803401 and 02 patches 2 days ago, which include the patch to utilize the new CPU microcode released by Intel.
Details are mentioned in the blog post below which also includes links to Windows and Linux scripts on how to verify if your VMs are protected:
VMware Spectre Variant 2 CVE-2017-5715 released | RayPhoon's Virtualization and Networking Blog