VMware Released ESXi Patches for Spectre

VMware released patches against Spectre-2 vulnerability. In order to protect against branch target injection vulnerability (also known as Spectre-2), you need to patch the full stack, ranging from vCenter, down to ESXi and the operating system. Don’t forget to also update the firmware for your hardware.

For vCenter, VMware released few days ago the corresponding patches:

Going down to ESXi level, VMware released these patches:

  • ESXi 6.5 – ESXi650-201803401-BG and ESXi650-201803402-BG
  • ESXi 6.0 – ESXi600-201803401-BG and ESXi600-201803402-BG
  • ESXi 5.5 – ESXi550-201803401-BG and ESXi550-201803402-BG

In this article I will focus on ESXi 6.5 patches.

ESXi650-201803401-BG updates the esx-base, esx-tboot, vsan and vsanhealth VIBs. ESXi650-201803402-BG updates the cpu-microcode VIB. Both patches provide parts of the hypervisor-assisted guest mitigation of CVE-2017-5715 for guest operating systems (as described in VMware Security Advisory VMSA-2018-0004.3).

Read More

New Security Patch – vCenter Server 6.5 U1g

VMware released today a new security patch, vCenter Server 6.5 U1g, build number 8024368. This release contains few VMware software fixes, security fixes, and third-party product fixes. The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-8024368.iso, 3.36 GB). Patch is also available through standard online repository.

Updated packages in vCSA (Photon OS):

vCenter Server 6.5 U1g provides part of the hypervisor-assisted guest mitigation of CVE-2017-5715 for guest operating systems (Spectre-2 vulnerability). For more details on this mitigation, see VMware Security Advisory VMSA-2018-0004.3.

The patch also fixes an issue where in some cases the inclusion of an ESXi host into an empty Enhanced vMotion Compatibility (EVC) cluster would fail even though the host met the requirements.

Read More

VMware Security Advisory

VMware Security Advisory – VMSA-2018-0008 – Workstation and Fusion Vulnerability

VMware has released a new security advisory: VMSA-2018-0008 – Workstation and Fusion updates address a denial-of-service vulnerability.

This advisory documents the remediation of one issue, rated with a severity of Important. VMware Workstation and Fusion contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. A successfully exploitation of the vulnerability will result in a virtual machine shutdown.

The identifier CVE-2018-6957 was assigned to this vulnerability. The vulnerability was discovered by a Cisco Talos researcher.

Read More

VMware vExpert 2018

VMware vExpert 2018

The results for VMware vExpert 2018 program are finally in and I’m so glad to let you know that I have been accepted! There is always a first time and now it is for me. It is a great honor to be part of this vExpert community I heard about so much in the last years. I am looking at the vExpert names, there are people I follow for many years and I’m wondering what am I doing here? It remains to be seen.

So, what is this VMware vExpert program about? I will let one of the main persons behind it to explain:

“Each year, we bring together in the vExpert Program the people who have made some of the most important contributions to the VMware community. These are the bloggers, book authors, VMUG leaders, speakers, tool builders, community leaders and general enthusiasts. They work as IT admins and architects for VMware customers, they act as trusted advisors and implementors for VMware partners or as independent consultants, and some work for VMware itself. All of them have the passion and enthusiasm for technology and applying technology to solve problems. They have contributed to the success of us all by sharing their knowledge and expertise over their days, nights, and weekends.” – Corey Romero

So far, the community gave me and the other first-timers a warm welcome. I want to express a special thank you to Ariel Sanchez for the “unofficial welcoming tips pack”!

You can check the entire list of vExperts in the official Directory. 67 countries have representatives in the vExpert community, and I’m happy I helped to place Romania on the map! I hope next year we will see more Romanians around!

Congratulations to all vExperts out there!

PowerCLI 10.0.0 Linux Error in VMware.VimAutomation.Srm Module

VMware released recently version 10.0.0 of PowerCLI. One of the major “selling” points for PowerCLI 10.0.0 is the way it works exactly the same regardless of the platform: Windows, Linux, and Mac OS. As a result, immediately after I updated my Windows installation to 10.0.0, I proceeded to install a Linux version of PowerCLI.

I will document in this article how to install PowerShell Core 6.0.1 on Linux and how to install PowerCLI 10.0.0. I will then write about the error I met (“Import-Module : VMware.VimAutomation.Srm module is not currently supported on the Core edition of PowerShell”) and how I solved it. Update 5 May 2018: VMware released a new version 10.1.0, same error is present.

First stop was “Compatibility Matrixes for VMware PowerCLI 10.0.0”. The only supported Linux OS is Ubuntu 16.04. I then installed a VM running this Ubuntu version. I then followed the Microsoft provided instructions to install PowerShell Core 6.0.1. (On a related note, I ran PowerCLI 10.0.0 on CentOS 7 without other issues – except of course for the modules errors).

Read More

New Release – VMware PowerCLI 10.0.0

PowerCLI 6.5.4 is dead, welcome PowerCLI 10.0.0 🙂  VMware released few days ago the latest version, marked with a huge jump in numbering, moving straight from 6 to 10. This version marks also the promote of the former Fling PowerCLI Core into the main PowerCLI product. Now we have same product running multiplatform: Windows, Linux, and MacOS. This makes things simpler. How do you install PowerCLI on Windows? That’s “Install-Module -Name VMware.PowerCLI”. How about Linux? “That’s “Install-Module -Name VMware.PowerCLI”. MacOS? You got this, it’s the same.

PowerCLI 10.0.0 consists of the following modules:

  • VMware.DeployAutomation
  • VMware.ImageBuilder
  • VMware.PowerCLI
  • VMware.VimAutomation.Cis.Core
  • VMware.VimAutomation.Cloud
  • VMware.VimAutomation.Common
  • VMware.VimAutomation.Core
  • VMware.VimAutomation.HA
  • VMware.VimAutomation.HorizonView
  • VMware.VimAutomation.License
  • VMware.VimAutomation.Nsxt
  • VMware.VimAutomation.PCloud
  • VMware.VimAutomation.Sdk
  • VMware.VimAutomation.Srm
  • VMware.VimAutomation.Storage
  • VMware.VimAutomation.StorageUtility
  • VMware.VimAutomation.Vds
  • VMware.VimAutomation.Vmc
  • VMware.VimAutomation.vROps
  • VMware.VumAutomation

Not all these modules are supported on PowerShell Core, generating an error when trying to launch on Linux, but I will detail this in a future article. [Update 05 March 2018: The article is here: PowerCLI 10.0.0 Linux Error in VMware.VimAutomation.Srm Module. The mentioned error: “Import-Module : VMware.VimAutomation.Srm module is not currently supported on the Core edition of PowerShell”.]

Read More

VMUG Romania February 2018

VMUG Romania Meeting February 2018

Together with Razvan Ionescu, I hosted last Friday the first VMUG Romania meeting of 2018. This time we returned to our hosts from Impact Hub, but in their new and modern home from Timpuri Noi building.

Despite our efforts on advertising the event, we took a hit for the number of participants. We may had issues due to another event ran same end of the week by HPE and VMware in Brasov.

However, we were happy to have with us our friends from NetApp and Logicom, which sponsored the event.

Read More

New Security Patch – vCenter Server 6.5 U1f

VMware released today a new security patch, vCenter Server 6.5 U1f, build number 7801515. This release patches the vCSA operating system (Photon OS) mainly against two vulnerabilities: bounds-check bypass (Spectre-1, CVE-2017-5753) and rogue data cache load issues (Meltdown, CVE-2017-5754). As of now, there is still no patch for branch target injection vulnerability (Spectre-2, CVE-2017-5715).

The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-7801515.iso, 3607.6 MB), but it’s not yet available on the online repository for update using management GUI or CLI. Update 16 February 2018: the patch is available on the online repository, see below for details.

Updated packages:

  • linux 4.4.110-2
  • libgcrypt 1.7.6-3
  • c-ares 1.12.0-2
  • ncurses 6.0-8
  • libtasn1 4.12-1
  • wget 1.18-3
  • procmail 3.22-4
  • rsync 3.1.2-4
  • apr 1.5.2-7

Read More

VMSA-2018-0003

VMware Security Advisory – VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console

VMware has released a new security advisory: VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities.

This advisory documents the remediation of two issues: one critical (deserialization vulnerability which may allow code execution in vRealize Automation and vSphere Integrated Containers) and one important (a cross site request forgery vulnerability when accessing the App Catalog in AirWatch Console).

Read More

Install vRealize Suite Lifecycle Manager

How to Install vRealize Suite Lifecycle Manager 1.1

vRealize Suite Lifecycle Manager is a relatively new tool in VMware’s portfolio. You can use it to install, configure and upgrade vRealize environments consisting in vRealize Automation, vRealize Business for Cloud, vRealize Log Insight and vRealize Operations. In this article I will show how to install vRealize Suite Lifecycle Manager 1.1.

You will need access to both a vCenter Server and an ESXi host 6.0 or 6.5. For running the virtual machine you will have to allocate minimum 2 vCPU and 16GB of RAM. The smallest used disk is around 3GB, and it can grow up to 135GB.

You can download vRealize Suite Lifecycle Manager 1.1 from My.VMware portal (you need to use your credentials to authenticate). You will end up with a 1.7GB OVA file (VMware-vLCM-Appliance-1.1.0.7-7359844_OVF10.ova), released on 12 December 2017.

Install vRealize Suite Lifecycle Manager - My VMware
Install vRealize Suite Lifecycle Manager – My VMware

Read More