Details

Installing software updates is a fundamental mitigation against the exploitation of publicly-known vulnerabilities.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If vCenter Update Manager is used on the network, hosts can be remediated from the vSphere Client. From the vSphere Client go to Hosts and Clusters > Update Manager tab and select a non-compliant host and click the Remediate button.

To manually remediate a host the patch file must be copied locally and the following command run:

esxcli software vib update -d

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

• 800-53|CM-6b.
• CAT|I
• CCI|CCI-000366
• Group-ID|V-63313
• Rule-ID|SV-77803r1_rule
• STIG-ID|ESXI-06-000072
• Vuln-ID|V-63313

Source

• Tenable.com/audits