Blog Archives

Confirming Hypervisor-Assisted Guest Mitigations at a VM level. gives you detailed steps on how to validate if an ESXi host has both the CPU Microcode and patches applied. The step for confirming this is to examine the vmware.log file for a VM and look for the CPUID

Posted in PowerShell

Intel MDS Guidance – No plans to support Nehalem and Westmere Product Family

With the recent release of new microcode updates (MCUs) to mitigate Microarchitectural Data Sampling (MDS) vulnerabilities, Intel dropped plans to support older generation processors like Nehalem and Westmere. These were supported for L1TF, Spectre and Meltdown vulnerabilities. If you are

Posted in PowerShell

Use PowerCLI to manage users on an ESXi host

Starting with vSphere 6.0 VMware introduced a new set of ESXCLI commands to manage the life cycle of local accounts and permissions. I have created ESXiAccountManagement.ps1 script that includes the following functions: Get-ESXiAccount: List all local accounts and their role

Posted in PowerShell

Verify new Spectre mitigation patches using PowerCli and vDocumentation

Intel recently announced that it has released microcode updates for 100 percent of its products launched in the past five years that require protection against Spectre/Meltdown. For virtualization admins using Intel Xeon chips, this would mean that servers with a

Posted in PowerShell

Validating compliance of VMSA-2018-0004 (Spectre) on ESXi and VM

This is an update to  Validating Compliance of VMSA-2018-0002 and BIOS update. VMware recently published VMSA-2018-004, which details Hypervisor-Assisted Guest Mitigation fixes as well as knowledge base (KB) article 52085 with instructions to verify the updated microcode for a Virtual

Posted in PowerShell

Validating compliance of VMSA-2018-0002 and BIOS update

UPDATE: Please see validating compliance of VMSA-2018-0004 (Spectre) on ESXi and VM VMware has published VMSA-2018-0002 that addresses vulnerability for Spectre and Meltdown (CVE-2017-5753, CVE-2017-5715) and tells you which patch should be installed. Along with this patch, you also need

Posted in PowerShell, vDocumentation
Edgar Sanchez