We have ESXi 5.5 U2 systems that have not been patched in a few years. Would you advise to patch these systems using the patches listed in VMware Update Manager or upgrade the hosts to ESXi 5.5 U3? Thank you.
If you simply apply all outstanding/latest patches via VUM on these 5.5 (whatever build/upgrade) hosts, they will automatically be upgraded to U3. No separate upgrade process is necessary here.
And yes, you should probably do that, due to some critical vulnerabilities and bugs being fixed.
If you directly upgrade to 5.5 U3 and then perform a scan again, the compliance status in VUM comes up as non-compliant.
When you view why the baseline is non-compliant, you can see that a few of the patches are missing.
These missing patches are not included in the 5.5 U3 bundle (even though updates are cumulative) perhaps because of their release dates.
If the status comes up as non-compliant even after updating directly to U3, you will have to re-remediate to get these missing patches applied to the ESXi host.
Update Manager is the easiest way to get your systems patched up to date. Your other option is to build an ISO that has ESXi Update 3 with all the latest patches slipstreamed into it. This is cumbersome and really not needed since you have access to Update Manager.
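The two answers above make related points: a plain 5.5 U3 upgrade leaves out patches released after the U3 bundle, and an alternative to VUM is a slipstreamed ISO built with Image Builder. The following PowerCLI Image Builder snippet is an added example, not code posted in this thread, that makes both visible: it compares the U3 base image profile with the newest 5.5 profile in VMware's public depot (the packages listed are exactly what a host upgraded only to U3 would still be missing) and then shows the clone-and-export step for an ISO. It assumes PowerCLI with the Image Builder cmdlets loaded, uses VMware's public depot URL, and the two profile names are placeholders you replace with names returned by `Get-EsxImageProfile`.

```powershell
# Added example (not from the thread). Requires PowerCLI with the Image Builder cmdlets.
# Assumptions: VMware's public depot URL; the two profile names are placeholders.

# Attach VMware's online depot so image profiles and their packages can be queried.
Add-EsxSoftwareDepot 'https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml'

# List the 5.5 profiles, newest first, to pick real names for the placeholders below.
Get-EsxImageProfile |
    Where-Object { $_.Name -like 'ESXi-5.5.0-*' } |
    Sort-Object CreationTime -Descending |
    Select-Object Name, CreationTime |
    Format-Table -AutoSize

$u3Base = Get-EsxImageProfile -Name '<5.5-U3-standard-profile-name>'      # placeholder
$latest = Get-EsxImageProfile -Name '<newest-5.5-standard-profile-name>'  # placeholder

# Packages that are newer in, or only present in, the latest profile relative to the U3
# base are the patches a host upgraded straight to U3 still lacks, which is why VUM
# reports it non-compliant until it is remediated again.
$diff = Compare-EsxImageProfile -ReferenceProfile $u3Base -ComparisonProfile $latest
"Packages newer than the U3 base:"
$diff.UpgradeFromRef | Format-Table -AutoSize
"Packages only in the latest profile:"
$diff.OnlyInComp | Format-Table -AutoSize

# Only if an offline installer is genuinely required: clone the newest profile under your
# own name and export it as a bootable ISO (the 'cumbersome' path the answer above describes).
$custom = New-EsxImageProfile -CloneProfile $latest -Name 'ESXi-5.5-latest-custom' -Vendor 'YourOrg'
Export-EsxImageProfile -ImageProfile $custom -ExportToIso -FilePath 'C:\temp\ESXi-5.5-latest-custom.iso'
```

The comparison output is the useful part for a VUM-managed environment: after remediation, rerunning the scan and seeing an empty `UpgradeFromRef` and `OnlyInComp` relative to the newest profile is a quick cross-check that the host really is at the current patch level rather than only at the U3 baseline.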