Meltdown/Spectre - VMWare ESXi patch and Windows Patching?

chrisdalton5596 · 2018-01-10T10:22:31.000Z

Stupid question.

If the VMware patches are applied to the ESXi Physical Host - Is there a requirement for the Windows patches to be applied to the OS on its VMs.

Will there be a double performance hit ?

Thanks

Chris

milosz · 2018-01-10T10:47:38.000Z

The ESXi patches do not address meltdown/spectre issues on a guest level, but a possible VM to VM exploitation, so yes, you need the guest patches. However seeing as the guest is pretty much directly using the CPU as is I doubt that would be doubly affected as these patches just simply address different problems.

more here :

https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html

maxsec · 2018-01-10T10:53:43.000Z

Depends on the risks

If you’re on a multi tenancy its more critical to stop cross machine data leak

The risks of cross application data leakage maybe less

But its recommended that hypervisors are patched more urgently than host OS patches