ESXI-06-000072 - The system must have all security patches and updates installed.

Information

Installing software updates is a fundamental mitigation against the exploitation of publicly-known vulnerabilities.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If vCenter Update Manager is used on the network, hosts can be remediated from the vSphere Client. From the vSphere Client go to Hosts and Clusters > Update Manager tab and select a non-compliant host and click the Remediate button.

To manually remediate a host the patch file must be copied locally and the following command run:

esxcli software vib update -d <path to offline patch bundle.zip>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|I, CCI|CCI-000366, Group-ID|V-63313, Rule-ID|SV-77803r1_rule, STIG-ID|ESXI-06-000072, Vuln-ID|V-63313

Plugin: VMware

Control ID: 96e0b477370d8f950c6969ae59b9a75db226cad79fd520502b347d8d506de3aa