Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.0114.2 VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue 15 January 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: VMware vCenter Server VMware vSphere ESXi VMware Workstation VMware Fusion Publisher: VMWare Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-5715 Reference: ASB-2018.0009 ESB-2018.0103 ESB-2018.0102 ESB-2018.0101 ESB-2018.0100 ASB-2018.0002.4 Original Bulletin: https://www.vmware.com/security/advisories/VMSA-2018-0004.html Revision History: January 15 2018: Updated security advisory to add KB article 52345 and Workstation 12.x version i.e. 12.5.9 which addresses CVE-2017-5715 January 10 2018: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- VMSA-2018-0004.2 VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue VMware Security Advisory Advisory ID: VMSA-2018-0004.2 Severity: Important Synopsis: VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue. Issue date: 2018-01-09 Updated on: 2018-01-12 CVE numbers: CVE-2017-5715 1. Summary VMware vSphere, Workstation and Fusion updates add Hypervisor- Assisted Guest Remediation for speculative execution issue. Notes: Hypervisor remediation can be classified into the two following categories: - Hypervisor-Specific Remediation (documented in VMSA-2018-0002) - Hypervisor-Assisted Guest Remediation (documented in this advisory) The ESXi patches and new versions of Workstation and Fusion of this advisory include the Hypervisor-Specific Remediation documented in VMware Security Advisory VMSA-2018-0002. More information on the types of Hypervisor remediation may be found in VMware Knowledge Base article 52245. 2. Relevant Products VMware vCenter Server (VC) VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description New speculative-execution control mechanism for Virtual Machines Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target Injection issue (CVE-2017-5715). This issue may allow for information disclosure between processes within the VM. To remediate CVE-2017-5715 in the Guest OS the following VMware and third party requirements must be met: VMware Requirements Deploy the updated version of vCenter Server listed in the table (if vCenter Server is used). Deploy the ESXi patches and/or the new versions for Workstation or Fusion listed in the table. Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended. VMware Knowledge Base article 1010675 discusses Hardware Versions. Third party Requirements Deploy the Guest OS patches for CVE-2017-5715. These patches are to be obtained from your OS vendor. Update the CPU microcode. Additional microcode is needed for your CPU to be able to expose the new MSRs that are used by the patched Guest OS. This microcode should be available from your hardware platform vendor. VMware is providing several versions of the required microcode from INTEL and AMD through ESXi patches listed in the table. See VMware Knowledge Base 52085 for more details. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Product Version Running on Severity Replace with/ Apply Patch Mitigation/ Workaround VC 6.5 Any Important 6.5 U1e* None VC 6.0 Any Important 6.0 U3d* None VC 5.5 Any Important 5.5 U3g* None ESXi** 6.5 Any Important KB52345 None ESXi** 6.0 Any Important KB52345 None ESXi** 5.5 Any Important KB52345 None Workstation 14.x Any Important 14.1.1 None Workstation 12.x Any Important 12.5.9 None Fusion 10.x OS X Important 10.1.1 None Fusion 8.x OS X Important 8.5.10 None * The new versions of vCenter Server set restrictions on ESXi hosts joining an Enhanced vMotion Cluster, see VMware Knowledge Base article 52085 for details. ** Please see KB article 52345 for important information on these patches. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter Server 6.5 U1e Downloads and Documentation: https://my.vmware.com/web/vmware/details?productId=614&rPId=20950&downloadGroup=VC65U1E vCenter Server 6.0 U3d Downloads and Documentation: https://my.vmware.com/web/vmware/details?downloadGroup=VC60U3D&productId=491&rPId=20946 vCenter Server 5.5 U3g Downloads and Documentation: https://my.vmware.com/web/vmware/details?downloadGroup=VC55U3G&productId=353&rPId=20876 VMware ESXi 6.5 Downloads and Documentation: https://kb.vmware.com/s/article/52345 VMware ESXi 6.0 Downloads and Documentation: https://kb.vmware.com/s/article/52345 VMware ESXi 5.5 Downloads and Documentation: https://kb.vmware.com/s/article/52345 VMware Workstation Pro, Player 14.1.1 Downloads and Documentation: https://www.vmware.com/go/downloadworkstation https://www.vmware.com/go/downloadplayer https://www.vmware.com/support/pubs/ws_pubs.html VMware Workstation Pro, Player 12.5.9 Downloads and Documentation: https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation_pro/12_0 https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0 https://www.vmware.com/support/pubs/ws_pubs.html VMware Fusion Pro / Fusion 8.5.10, 10.1.1 Downloads and Documentation: https://www.vmware.com/go/downloadfusion https://www.vmware.com/support/pubs/fusion_pubs.html 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 VMware Knowledge Base Article 52085 https://kb.vmware.com/s/article/52085 VMware Knowledge Base Article 1010675 https://kb.vmware.com/s/article/1010675 VMware Knowledge Base article 52245 https://kb.vmware.com/s/article/52245 VMware Knowledge Base article 52245 https://kb.vmware.com/s/article/52345 6. Change log 2018-01-09 VMSA-2018-0004 Initial security advisory in conjunction with the release of VMware vCenter Server 5.5 U3g, 6.0 U3d and 6.5 U1e, ESXi 5.5, 6.0, and 6.5 patches and Workstation 14.1.1, and Fusion 10.1.1 and 8.5.10 on 2018-01-09. 2018-01-10 VMSA-2018-0004.1 Updated security advisory to add Workstation 12.x version i.e. 12.5.9 which addresses CVE-2017-5715. 2018-01-12 VMSA-2018-0004.2 Updated security advisory to add KB article 52345. 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security@vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWlwdDIx+lLeg9Ub1AQhUvQ//WjbU8O6gc82bT22oSXw5rxzKs9Szghpx pROvYOehTjCCou8daSdQrzMqkV4l4HU4UfhVzFEzzL9q4fb9L8dqwVk/bqLy1scH kLex9lAQWYVUFj5YIVifPQ3u0jvw/ofn6vr35LF/nwD5GtPUmGZZyQS36+XSTpLe pKFE55JpUD6RbGeRtOO0KIMyfLMf1PrE+Q2PXmN40xzQPLvJjMTXqpm6iXoZAGWZ MFds8vG23Mk3USWXJxZ061LlbHIU0XKrXfZ6kQYk2Gp5yESK5a+btz4tee3nYvps m9/SzFLHcDKFDzt2UXd1M112W+naWECHsGV4SCIUPICxRplPWFMWu/H0sqnJWw44 Ex09CoR5EaB76Q5P5nZ0fi+KLw3WMd6soTdOT0zBpppeNZEIPHso5OFFw5nGmA/y zAE781HPdxW/ma/GpYgMgwvUHd40Ic7xcr8SVfodiYQDQJWdzpIzjYc0dU4tL9vV gtgsj8sznn+euifGQ0q07oB/8h6MXzYUDfoqaCbrWvkm4lS8A97OMNf4OcAdyQJD 6L0XKRqqC4dqL/UQaZpy2ZrJZMTG2Hrb1JQ2F3LET4lSyTJFjfM9hRClmxDx0AMW JCbqFSNLGCuV9E4f4y3mGVgxHkG+Dtc+CzyhPrHSBHGg6e4KDpGJE4dt1jt+dQ1J ab8UD8KxEKE= =MUxi -----END PGP SIGNATURE-----