ESXI-67-000072 - The ESXi host must have all security patches and updates installed.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If vCenter Update Manager is used on the network, hosts can be remediated from the vSphere Web Client.

From the vSphere Client, go to Hosts and Clusters >> Updates.

Check under 'Attached Baselines'. If there are no baselines attached, select the drop-down 'Attach >> Attach Baseline or Baseline Group'. Select 'attach' and select the type of patches.

Click on Check Compliance to check Host(s) Compliance.

To manually remediate a host, the patch file must be copied locally and the following command run from an SSH session connected to the ESXi host or from the ESXi shell:

esxcli software vib update -d <path to offline patch bundle.zip>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

Item Details

References: CAT|I, CCI|CCI-000366, Rule-ID|SV-239325r674904_rule, STIG-ID|ESXI-67-000072, STIG-Legacy|SV-104309, STIG-Legacy|V-94479, Vuln-ID|V-239325

Plugin: VMware

Control ID: 59961731c7dc319e2cf3a3cb8f71b6183742ad494409043239c0da1bea4cb041