This is an update to Validating Compliance of VMSA-2018-0002 and BIOS update.
VMware recently published VMSA-2018-004, which details Hypervisor-Assisted Guest Mitigation fixes as well as knowledge base (KB) article 52085 with instructions to verify the updated microcode for a Virtual Machine.
Version 2.4.0 of vDocumentation now includes enhancements to the Get-ESXSpeculativeExecution script cmdlet that will:
- Validate if an ESXi is patched and compliant to VMSA-2018-0004
- Validate if an ESXi is seeing the updated CPUID Microcode
If –ReportOnVMs switch is specified then this will also report on VM compliance.
This new version also includes a new script cmdlet: Get-VMSpeculativeExecution. This cmdlet accepts $VM object and is very useful for checking VM compliance. Make sure to run “get-help Get-VMSpeculativeExecution –full” to see all the help content.
Examples of Get-ESXSpeculativeExecution
If we run “Get-ESXSpeculativeExecution -esxi labesx001.local”, this is the output:
If we run “Get-ESXSpeculativeExecution –ReportOnVMs –exportexcel”, we will generate an Excel sheet with 3 TABs: Patch_Compliance, BIOS_Compliance, and VM_Compliance
Examples of Get-VMSpeculativeExecution
If we run “Get-VM “testvm39” | Get-VMSpeculativeExecution”, this is the output:
“Get-VM | Get-VMSpeculativeExecution” Will check compliance on ALL VMs
“Get-Host “Labhost13.local” | Get-VMSpeculativeExecution” Will check compliance for all VMs running on host Labhost13.local
“Get-VM -Location “Dev_Cluster” | Get-VMSpeculativeExecution” Will check compliance for all VMs running on Dev_Cluster
Get-VMHost “Labhost13.local” | Get-VM | Get-VMSpeculativeExecution | Export-Excel “VMValidation.xlsx” -WorkSheetname “VMresults” Will check compliance for all VMs running on host Labhost13.local, which will exported to “VMValidation.xlsx” Excel file.