If you work in IT you no doubt are aware of the problems Intel has been having. If not….here’s a link for you. Enjoy.
In the days after the public announcement vendors released the microcode updates that Intel delivered to them, as well as, a few updates in the months prior that they slipped in without any fanfare.
Specifically, VMware had a fix in December for Spectre on VMSA-2018-0002.2
6.5: ESXi-6.5.0-20171201001s-standard – Build 7273056
6.0: ESXi-6.0.0-20171101001s-standard – Build 6856897
On January 9 after the announcement VMware posted VMSA-2018-0004.2 also for Spectre.
vCenter 6.5 U1e – Build 7515524
vCenter 6.0 U3d – Build 7462485
AND
6.5: ESXi-6.5.0-20180104001-standard – Build 7526125
6.0: ESXi-6.0.0-20180104001-standard – Build 7504637
HOWEVER, Either on January 10th or January 12th (can’t tell from the history), they updated the KB article and pulled the ESXi patches from the depot when Intel advised they were seeing unplanned reboots from hosts with the applied microcode.
At the current time – my best recommendation is to patch ESXi up to the following: (this site is REALLY handy)
6.5: 2017-12-19 ESXi-6.5.0-20171204001-standard – Build 7388607
6.0: 2017-11-09 ESXi-6.0.0-20171104001-standard – Build 6921384
If you applied those January patches for ESXi, and have a build number of 6.5 7526125 or 6.0 7504637, VMware has a process for applying a CPU mask to help avoid the problem, however it has to be done per VM and requires a reboot of each. My personal feeling is if you aren’t seeing a problem, wait for further updates. Your results may vary of course.
On the Dell side, they did too make a bios update available and has since pulled it. I only pay attention to R430’s – they released BIOS 2.7.0 (link is now dead).
As of today (Jan 22) I noticed that bios has been removed and the newest listed is 2.6.0 released November 28. Dell’s main support page has not been updated with a recommendation as of yet. We’ll see what develops here. My recommendation is hold off on deploying the new bios, and be cautious of any hosts that already have it. Dell Support says options for rolling back are coming.
UPDATES –
Jan 23 – Dated yesterday (22nd) Dell is now recommending rolling back BIOS if you have applied it. This worked fine for me on a R430 from 2.7.0 to 2.6.0.
Jan 24 – Duncan has some info on working around the pulled patches with Update Manager, because otherwise you’ll get an error.
Feb 26 – Dell has released new BIOS 2.7.1 to address CVE-2017-5715
March 20 – VMware has released the microcode updates in what they are calling Update 1 G, see details here ESXi 6.5 Build 7967591 and vCenter 8024368
Link roundup: