Today I noticed that VMware has released a partial solution for the Spectre security issue (CVE-2017-5715). According to VMware:
This ESXi patch provides part of the hypervisor-assisted guest mitigation of CVE-2017-5715 for guest operating systems. For important details on this mitigation, see VMware Security Advisory VMSA-2018-0004.3.
It can be downloaded from their site and is also available for the free ESXi 6.5 version. The file to download is ESXi650-201803001.zip; see also VMware Knowledge Base article 52456. Installation is quite straightforward.
To install the patches, place the .zip file in a location available to VMware ESXi (no need to extract it). I have a folder on my NAS NFS-mounted for this.
Follow the steps below to patch VMware ESXi 6.5:
- Put your ESXi host in maintenance mode. This can be done from the command line, but I did it from the new Web interface. Please note that this will shut down all your VMs.
- Enable SSH access for the ESXi host and open an SSH connection.
- To install the update, execute:
esxcli software vib update -d /vmfs/volumes/NFS/updates/ESXi650-201803001.zip
The command will indicate that many packages are skipped, but also (at the beginning of the output) that a few updates have been installed and a reboot is needed.
- Next, reboot your ESXi host. It will still boot in maintenance mode (so it will not start any VMs yet). SSH access will have been disabled again automatically. Disable maintenance mode and (if necessary) manually start your VMs.
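The steps above can be wrapped in a small script for the ESXi shell that refuses to patch outside maintenance mode and reads the "Installation Result" block to tell an applied patch from a run where everything was skipped. This is an added example, not part of the original post: the function names `classify_result` and `patch_host` are hypothetical, and the sample output and its VIB names are constructed.

```shell
#!/bin/sh
# Added example. DEPOT is the path used in the post; adjust to your datastore.
DEPOT=/vmfs/volumes/NFS/updates/ESXi650-201803001.zip

# Constructed sample of the result block (VIB names are placeholders).
SAMPLE_RESULT='Installation Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: VMware_bootbank_example-a_0.0.0-1, VMware_bootbank_example-b_0.0.0-1
   VIBs Removed: VMware_bootbank_example-a_0.0.0-0
   VIBs Skipped: VMware_bootbank_example-c_0.0.0-0'

# Classify `esxcli software vib update` output read from stdin:
#   reboot  - VIBs were installed and a reboot is required
#   applied - VIBs were installed, no reboot required
#   noop    - nothing was installed (every VIB was skipped)
classify_result() {
    awk -F': *' '
        /^ *Reboot Required:/ { reboot = ($2 == "true") }
        /^ *VIBs Installed:/  { installed = ($2 != "") }
        END {
            if (!installed)  print "noop"
            else if (reboot) print "reboot"
            else             print "applied"
        }'
}

# Apply the depot only if the host is already in maintenance mode.
patch_host() {
    [ "$(esxcli system maintenanceMode get)" = "Enabled" ] || {
        echo "host is not in maintenance mode, refusing to patch" >&2
        return 1
    }
    out=$(esxcli software vib update -d "$DEPOT") || {
        echo "$out" >&2
        return 1
    }
    state=$(printf '%s\n' "$out" | classify_result)
    echo "update result: $state"
    [ "$state" = "reboot" ] && echo "reboot the host, then exit maintenance mode"
    return 0
}
```

Run `patch_host` from the SSH session; a `noop` result means the patch was not applied and the host is still unpatched.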