VMware Patches for Spectre

VMSA-2018-0012 – Speculative Store Bypass – SpectreNG

Not long after the first release of Meltdown and Spectre vulnerabilities, Google and Microsoft researchers independently reported two other variants of the modern processors bugs: a new subclass of speculative execution side channel vulnerabilities known as Speculative Store Bypass (SSB, previously known as SpectreNG – variant 4) has been assigned CVE-2018-3639; another Meltdown variation, rogue system register read (also called variant 3a) has been assigned CVE-2018-3640.

Among affected processors we find a wide range of chipsets: Intel and AMD x86, IBM POWER 8 and 9, and ARM CPUs.

Catalin Cimpanu wrote for Bleeping Computer:

Variant 3a is a variation of the Meltdown flaw, while Variant 4 is a new Spectre-like attack. The most important of these two is Variant 4. Both bugs occur for the same reason – speculative execution – a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.

The difference is that Variant 4 affects a different part of the speculative execution process —the data inside the “store buffer” inside a CPU’s cache.

Read More

PowerCLI 10.1.0

VMware PowerCLI 10.1.0

VMware released a new PowerCLI version, version 10.1.0. I will cover in this article the improvements brought by PowerCLI 10.1.0, the installation process on Windows and the update procedure on both Windows and Linux.

PowerCLI 10.1.0 Changes

New features:

  • New module: VMware.Vim provides vSphere API bindings, allowing access to the latest features available in the VMware Cloud on AWS.
  • New cmdlets: Set-ScriptBundleAssociation and Remove-ScriptBundle added to the VMware.DeployAutomation module. They provide the ability to work with script bundles modification.

Updates:

  • NSX-T module has been updated to support the new API features in VMware NSX-T 2.1.
  • VMware PowerCLI has been updated to support the new API features in VMware vSphere 6.7.
  • Instead of producing a warning when connecting to resources using invalid or self-signed certificates, PowerCLI now produces an error.
  • The Import-VApp cmdlet has been updated to support SHA-256 and SHA-512 hash algorithms.
  • The Version parameter of the New-VM and Set-VM cmdlets has been deprecated and replaced by the HardwareVersion parameter that accepts string input.
  • The Version property of the VirtualMachine object has been deprecated and replaced by the HardwareVersion property.

Read More

VMware Security Advisory

VMware Security Advisory – VMSA-2018-0010 – Horizon DaaS Update

VMware has released a new security advisory: VMSA-2018-0010: Horizon DaaS update addresses a broken authentication issue.

This advisory documents the remediation of one moderate issue: Horizon DaaS contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication.

To be able to exploit this vulnerability, a potential attacker must have a legitimate account on Horizon DaaS.

The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6960 to this issue.

All 7.x versions of Horizon DaaS are affected by this vulnerability. VMware recommends update to version 8.0.0.

Read More

Install vSphere 6.7

How to Install VMware vSphere 6.7

In this article I will show you how to install VMware vSphere 6.7. If you are looking for instructions about how to install vSphere 6.5, you can find them here.

To start, you need an installation iso for vSphere 6.7, which you can download from your My.VMware account. From here, I downloaded VMware-VMvisor-Installer-6.7.0-8169922.x86_64.iso (vSphere 6.7 build 8169922). I will install vSphere into a virtual machine (beware, this is a configuration unsupported by VMware, but often seen in home labs), so I will just mount the iso file into the CD drive and power on the VM.

Install VMware vSphere 6.7

As soon as the VM boots, you will see a “Loading ESXi installer screen”:

Install vSphere 6.7 - Loading ESXi installer

Read More

VMware Security Advisory

VMware Security Advisory – VMSA-2018-0009 – vRealize Automation Vulnerabilities

VMware has released a new security advisory: VMSA-2018-0009 – vRealize Automation updates address multiple security issues.

This advisory documents the remediation of two issues: one important (DOM-based cross-site scripting vulnerability which may lead to the compromise of the vRA user’s workstation) and one moderate (Missing renewal of session tokens vulnerability which may lead to the hijacking of a valid vRA user’s session).

VMSA-2018-0009 – DOM-based Cross-site Scripting (XSS) Vulnerability

CVE-2018-6958 – vRealize Automation contains an important vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user’s workstation.

Read More

VMware Released ESXi Patches for Spectre

VMware released patches against Spectre-2 vulnerability. In order to protect against branch target injection vulnerability (also known as Spectre-2), you need to patch the full stack, ranging from vCenter, down to ESXi and the operating system. Don’t forget to also update the firmware for your hardware.

For vCenter, VMware released few days ago the corresponding patches:

Going down to ESXi level, VMware released these patches:

  • ESXi 6.5 – ESXi650-201803401-BG and ESXi650-201803402-BG
  • ESXi 6.0 – ESXi600-201803401-BG and ESXi600-201803402-BG
  • ESXi 5.5 – ESXi550-201803401-BG and ESXi550-201803402-BG

In this article I will focus on ESXi 6.5 patches.

ESXi650-201803401-BG updates the esx-base, esx-tboot, vsan and vsanhealth VIBs. ESXi650-201803402-BG updates the cpu-microcode VIB. Both patches provide parts of the hypervisor-assisted guest mitigation of CVE-2017-5715 for guest operating systems (as described in VMware Security Advisory VMSA-2018-0004.3).

Read More

New Security Patch – vCenter Server 6.5 U1g

VMware released today a new security patch, vCenter Server 6.5 U1g, build number 8024368. This release contains few VMware software fixes, security fixes, and third-party product fixes. The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-8024368.iso, 3.36 GB). Patch is also available through standard online repository.

Updated packages in vCSA (Photon OS):

vCenter Server 6.5 U1g provides part of the hypervisor-assisted guest mitigation of CVE-2017-5715 for guest operating systems (Spectre-2 vulnerability). For more details on this mitigation, see VMware Security Advisory VMSA-2018-0004.3.

The patch also fixes an issue where in some cases the inclusion of an ESXi host into an empty Enhanced vMotion Compatibility (EVC) cluster would fail even though the host met the requirements.

Read More

VMware Security Advisory

VMware Security Advisory – VMSA-2018-0008 – Workstation and Fusion Vulnerability

VMware has released a new security advisory: VMSA-2018-0008 – Workstation and Fusion updates address a denial-of-service vulnerability.

This advisory documents the remediation of one issue, rated with a severity of Important. VMware Workstation and Fusion contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. A successfully exploitation of the vulnerability will result in a virtual machine shutdown.

The identifier CVE-2018-6957 was assigned to this vulnerability. The vulnerability was discovered by a Cisco Talos researcher.

Read More

VMware vExpert 2018

VMware vExpert 2018

The results for VMware vExpert 2018 program are finally in and I’m so glad to let you know that I have been accepted! There is always a first time and now it is for me. It is a great honor to be part of this vExpert community I heard about so much in the last years. I am looking at the vExpert names, there are people I follow for many years and I’m wondering what am I doing here? It remains to be seen.

So, what is this VMware vExpert program about? I will let one of the main persons behind it to explain:

“Each year, we bring together in the vExpert Program the people who have made some of the most important contributions to the VMware community. These are the bloggers, book authors, VMUG leaders, speakers, tool builders, community leaders and general enthusiasts. They work as IT admins and architects for VMware customers, they act as trusted advisors and implementors for VMware partners or as independent consultants, and some work for VMware itself. All of them have the passion and enthusiasm for technology and applying technology to solve problems. They have contributed to the success of us all by sharing their knowledge and expertise over their days, nights, and weekends.” – Corey Romero

So far, the community gave me and the other first-timers a warm welcome. I want to express a special thank you to Ariel Sanchez for the “unofficial welcoming tips pack”!

You can check the entire list of vExperts in the official Directory. 67 countries have representatives in the vExpert community, and I’m happy I helped to place Romania on the map! I hope next year we will see more Romanians around!

Congratulations to all vExperts out there!

PowerCLI 10.0.0 Linux Error in VMware.VimAutomation.Srm Module

VMware released recently version 10.0.0 of PowerCLI. One of the major “selling” points for PowerCLI 10.0.0 is the way it works exactly the same regardless of the platform: Windows, Linux, and Mac OS. As a result, immediately after I updated my Windows installation to 10.0.0, I proceeded to install a Linux version of PowerCLI.

I will document in this article how to install PowerShell Core 6.0.1 on Linux and how to install PowerCLI 10.0.0. I will then write about the error I met (“Import-Module : VMware.VimAutomation.Srm module is not currently supported on the Core edition of PowerShell”) and how I solved it. Update 5 May 2018: VMware released a new version 10.1.0, same error is present.

First stop was “Compatibility Matrixes for VMware PowerCLI 10.0.0”. The only supported Linux OS is Ubuntu 16.04. I then installed a VM running this Ubuntu version. I then followed the Microsoft provided instructions to install PowerShell Core 6.0.1. (On a related note, I ran PowerCLI 10.0.0 on CentOS 7 without other issues – except of course for the modules errors).

Read More