Showing posts with label ESXi vulnerability VMSA-2017-0006. Show all posts
Showing posts with label ESXi vulnerability VMSA-2017-0006. Show all posts

Saturday 15 April 2017

VMSA-2017-0006 vulnerability remediation for ESXi hosts

Or, VMware ESXi 6.0 vulnerability VMSA-2017-0006 remediation
Or, VMware ESXi vulnerability VMSA-2017-0006 remediation planning and execution

Descriptions: On Mar 28th 2017 US-CERT notified it’s users about this vulnerability with VMware ESXi hosts. The remediation of this vulnerability is to update the ESXi hosts with the patch recommended by VMware. In my case the recommended patch was ESXi600-201703003.zip as my VMware ESXi servers are running on version 6.0 U2.

Scenario: As I am using ESXi Server version 6.0 U2, the recommended patches details are as below as per the reported vulnerability security advisory reference KB.


You have to scroll down the page till the end to see these patches details as shown in the below screenshot.











Remediation Procedure/Steps:

Stage-1
As shown and explained in the above screenshot, please go to the VMware KB http://kb.vmware.com/kb/2149673 Or,

It should be containing following information as highlighted in red in the below screenshot.















Stage-2
Now download the required patch from VMware Site (in my case it’s the below one):

This is the same URL which was given in security advisory (can see the very first screenshot in this article for reference).

You must be logged-in in the “My VMware” portal to be able to access this patch download windows.

The download page should be looking like below:














After downloading the path file will be appearing like below in a .Zip file format.











Use this file to update the patches on all affected VMware ESXi servers. You can use either manual method of installing this patch on all affected ESXi servers or you can use the easiest method of doing it by using VMware vSphere update manager.

I am a lazy administrator so don’t expect me to do this patching activity manually. Yes, I used the easiest method of doing it by using Update manager.

I have posted all the steps in my another article How to use Update Manager for patch installation on ESXi servers? . 

You can refer this article if you want to use Update manager for installing these updates on your ESXi hosts.

Cheers, Please write me back if you have any query or feedback on this.