Validating compliance of VMSA-2018-0004 (Spectre) on ESXi and VM

This is an update to Validating Compliance of VMSA-2018-0002 and BIOS update.

VMware recently published VMSA-2018-0004, which details Hypervisor-Assisted Guest Mitigation fixes, as well as knowledge base (KB) article 52085 with instructions to verify the updated microcode for a virtual machine.

Version 2.4.0 of vDocumentation now includes enhancements to the Get-ESXSpeculativeExecution script cmdlet that will:

  • Validate whether an ESXi host is patched and compliant with VMSA-2018-0004
  • Validate whether an ESXi host is seeing the updated CPUID microcode

If the -ReportOnVMs switch is specified, the cmdlet will also report on VM compliance.

This new version also includes a new script cmdlet: Get-VMSpeculativeExecution. This cmdlet accepts a $VM object and is very useful for checking VM compliance. Make sure to run “Get-Help Get-VMSpeculativeExecution -Full” to see all the help content.

 

Examples of Get-ESXSpeculativeExecution

If we run “Get-ESXSpeculativeExecution -esxi labesx001.local”, this is the output:

[Image: VMSA-2018-0004]

If we run “Get-ESXSpeculativeExecution -ReportOnVMs -exportexcel”, we will generate an Excel sheet with 3 tabs: Patch_Compliance, BIOS_Compliance, and VM_Compliance.

[Images: VMSA-2018-0004_2, VMSA-2018-0004_3, VMSA-2018-0004_4]

Examples of Get-VMSpeculativeExecution

If we run “Get-VM "testvm39" | Get-VMSpeculativeExecution”, this is the output:

[Image: VMSA-2018-0004_5]

Other Examples

“Get-VM | Get-VMSpeculativeExecution” will check compliance on ALL VMs.

“Get-VMHost "Labhost13.local" | Get-VM | Get-VMSpeculativeExecution” will check compliance for all VMs running on host Labhost13.local.

“Get-VM -Location "Dev_Cluster" | Get-VMSpeculativeExecution” will check compliance for all VMs running on Dev_Cluster.

“Get-VMHost "Labhost13.local" | Get-VM | Get-VMSpeculativeExecution | Export-Excel "VMValidation.xlsx" -WorkSheetname "VMresults"” will check compliance for all VMs running on host Labhost13.local, and the results will be exported to the “VMValidation.xlsx” Excel file.
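
For readers who want to see what a per-VM microcode check can look like underneath, here is an added example (not vDocumentation's own code, and not taken from the original post). It assumes a VM is compliant when it runs virtual hardware version 9 or later and exposes at least one of the cpuid.IBRS, cpuid.IBPB or cpuid.STIBP feature keys; Test-VMSpectreFeature and New-SampleVM are hypothetical names, and the sample VMs are constructed.

```powershell
# Added example, not vDocumentation code. Assumption: a VM sees the updated
# microcode when it runs virtual hardware version 9 or later and its runtime
# feature requirements include at least one of these CPUID keys.
$SpectreKeys = 'cpuid.IBRS', 'cpuid.IBPB', 'cpuid.STIBP'

function Test-VMSpectreFeature {    # hypothetical helper name
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $VM)
    process {
        # Hardware version arrives as a string such as "vmx-13"
        $hw = [int]("$($VM.ExtensionData.Config.Version)" -replace '\D', '')
        # Keep only the speculative-execution keys the guest can see
        $found = @($VM.ExtensionData.Runtime.FeatureRequirement |
            Where-Object { $SpectreKeys -contains $_.Key } |
            ForEach-Object { $_.Key })
        [pscustomobject]@{
            Name            = $VM.Name
            HardwareVersion = $hw
            FeaturesSeen    = $found -join ','
            Compliant       = ($hw -ge 9) -and ($found.Count -gt 0)
        }
    }
}

# Constructed stand-in for a PowerCLI VM object so the example runs offline
function New-SampleVM($Name, $Version, $Keys) {
    [pscustomobject]@{
        Name          = $Name
        ExtensionData = [pscustomobject]@{
            Config  = [pscustomobject]@{ Version = $Version }
            Runtime = [pscustomobject]@{
                FeatureRequirement = @($Keys |
                    ForEach-Object { [pscustomobject]@{ Key = $_ } })
            }
        }
    }
}

# Constructed sample inventory: one patched VM, one stale VM, one on old hardware
$results = @(
    New-SampleVM 'patched-vm' 'vmx-13' @('cpuid.SSE3', 'cpuid.IBRS', 'cpuid.IBPB')
    New-SampleVM 'stale-vm'   'vmx-13' @('cpuid.SSE3')
    New-SampleVM 'old-hw-vm'  'vmx-08' @('cpuid.SSE3')
) | Test-VMSpectreFeature
$results | Format-Table -AutoSize

# Against a live vCenter session: Get-VM | Test-VMSpectreFeature
```

Only patched-vm is reported as compliant; the other two rows show which condition failed (no feature keys seen, or hardware version below 9).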

 

Edgar Sanchez