...or do we also need to update the VMX version on the guests?
Per the announcement below, am I to conclude that we must update to one of the specified ESXi versions (for example, https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u1e.html) AND ensure that the virtual machines on that host are running at the corresponding VMX version as listed here https://kb.vmware.com/s/article/1003746, which for 7.0 U1 would be version vmx-18?
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
