VMware Cloud Community
TRBoeh
Contributor
Contributor
‎03-04-2018 11:24 AM
Jump to solution

ESXi 6.5U1 HPE Custom Image / Protection against Spectre

Dear all,

I have two HPE ML350 Gen9 Server running with ESXi 6.5U1 Build 7388607 HPE Custom Image.

Latest BIOS-Update P92 2.56_01-22-2018​ 23.02.2018 is installed.

All running Windows 2012 R2 VMs got the latest Microsoft updates (including KB4056098). Antivirus software is also running and up-to-date.

The registry-keys were set, as mentioned in: https://support.microsoft.com/en-za/help/4072698/windows-server-guidance-to-protect-against-the-spec...

If I run the the Microsoft "SpeculationControl"-Powershell-script, I get as result, that the CPU still have to be updated by microcode (please see attachment).

Does anybody know which additional vmWare-Update I need to install?

Thanks in advance for your assistance!

Regards

Marcus

Preview file
77 KB
21 Replies
bluefirestorm
Champion
Champion
‎04-15-2018 07:01 AM
Jump to solution

That is bizzarre!

Running on the same ESXi host (so that means the microcode is present and active in the host hardware), OK for 2 VMs but not the DC VM. Running on same ESXi host also precludes the /etc/vmware/config mask from the "Intel Sightings" KB as the culprit.

How about the DC VM hardware compatibility setting? Is it also version 13 (supported by ESXi 6.5) or at least same as the TS/Exchange VMs? I think the recommended minimum is version 9.

Other than HW compability version, I can't think of any other possible reason why. But the fact the stibp, ipbp, and ibrs capabilities show up in the vmware.log that means the ESXi hypervisor found the microcode update and should be exposed to the VM.

Alternatively, you could remove those registry settings; because those registry settings were really introduced to mitigate the crashing in January (just like the VMware Intel Sightings KB).

0 Kudos
TRBoeh
Contributor
Contributor
‎04-15-2018 07:27 AM
Jump to solution

Bluefirestorm you are the hero!!!

The VM still has had version 8... after upgrading to V13 everything is fine!

pastedImage_1.png

pastedImage_2.png

What a bloody rookie mistake...

I throw myself reverential into the dust! :smileylaugh:

Anyway - thanks again!

0 Kudos