Details

Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If vCenter Update Manager is used on the network, hosts can be remediated from the vSphere Web Client.

From the vSphere Client, go to Hosts and Clusters >> Updates.

Check under ‘Attached Baselines’. If there are no baselines attached, select the drop-down ‘Attach >> Attach Baseline or Baseline Group’. Select ‘attach’ and select the type of patches.

Click on Check Compliance to check Host(s) Compliance.

To manually remediate a host, the patch file must be copied locally and the following command run from an SSH session connected to the ESXi host or from the ESXi shell:

esxcli software vib update -d

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

• 800-53|CM-6b.
• CAT|I
• CCI|CCI-000366
• Rule-ID|SV-239325r674904_rule
• STIG-ID|ESXI-67-000072
• STIG-Legacy|SV-104309
• STIG-Legacy|V-94479
• Vuln-ID|V-239325

Source

• Tenable.com/audits