VMSA-2022-0024: VM Tools update addresses vulnerability

Issue:

Last month (23/08/22) VMware announced a vulnerability impacting VMware Tools and has since released updates for the affected products. The updated version of VM Tools for Windows is 12.1.0 and for Linux is 10.3.25 (12.1.0 for open-vm-tools).

Read the full article here: VMware advisory VMSA-2022-0024

Solution:

In order to update the ESXi hosts I used the following action plan:

ESX 6.7 host procedure:

1. Upload the offline VIB bundle to the scratch datastore. Under the ISO folder, create a subfolder titled VMtools.

2. Put the host into maintenance mode.

3. Open an SSH session to the ESXi host.

4. Run the command:
find -iname "*offline-depot*"

5. Run the command:
localcli software vib install -d <full path copied from previous command> -f

6. Once that completes (no reboot required), exit maintenance mode.

ESX 7.0.2 host procedure:

1. Log on to vCenter and select Lifecycle Manager (Updates).

2. Create a new baseline for the “vmtools 12.1.0” custom patch (23/08/2022).

3. Attach the baseline to the ESXi host.

4. Put the host into maintenance mode.

5. Select the baseline, then select “check compliance” and “remediation pre-check”.

6. Once the status is non-compliant and the pre-checks are satisfied, select “Remediate” on the host (no reboot is required).

Update VMs (Windows):

Edit the VM settings, select VM Options, and under VM Tools > Tools Upgrades tick the box for “Check and upgrade VMware Tools before each power on”. You could also control this via PowerCLI if you prefer automation.
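
The PowerCLI route mentioned above, as an added example that is not from the original post: it reports each Windows VM's Tools version and sets the same "upgrade before each power on" policy through the vSphere API. The function name is hypothetical, and it assumes the VMware.PowerCLI module is loaded and Connect-VIServer has already been run.

```powershell
# Added example (hypothetical helper name). Assumes VMware.PowerCLI is loaded
# and a Connect-VIServer session to vCenter already exists.
function Set-ToolsUpgradeAtPowerCycle {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # VM objects as returned by Get-VM
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$VM
    )
    process {
        foreach ($v in $VM) {
            $view = $v.ExtensionData

            # Skip templates and non-Windows guests; Linux guests are updated
            # from their distribution's package repositories instead.
            if ($view.Config.Template) { continue }
            if ($view.Config.GuestId -notlike 'win*') { continue }

            $before = $view.Config.Tools.ToolsUpgradePolicy
            $after  = $before

            if ($before -ne 'upgradeAtPowerCycle' -and
                $PSCmdlet.ShouldProcess($v.Name, 'Set ToolsUpgradePolicy to upgradeAtPowerCycle')) {
                # Equivalent to ticking "Check and upgrade VMware Tools
                # before each power on" in the VM settings.
                $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
                $spec.Tools = New-Object VMware.Vim.ToolsConfigInfo
                $spec.Tools.ToolsUpgradePolicy = 'upgradeAtPowerCycle'
                $view.ReconfigVM($spec)
                $after = 'upgradeAtPowerCycle'
            }

            # One report row per VM, so the output doubles as an audit list
            [pscustomobject]@{
                VM           = $v.Name
                PowerState   = $v.PowerState
                ToolsVersion = $v.Guest.ToolsVersion
                ToolsStatus  = $view.Guest.ToolsVersionStatus2
                PolicyBefore = $before
                PolicyAfter  = $after
            }
        }
    }
}

# Dry run first, then apply:
#   Get-VM | Set-ToolsUpgradeAtPowerCycle -WhatIf
#   Get-VM | Set-ToolsUpgradeAtPowerCycle | Format-Table -AutoSize
```

The policy only takes effect at the next power cycle of each VM, so VMs that stay powered on keep their current Tools version until then.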

Update VMs (Linux):

For the various Linux distributions (CentOS, Ubuntu, Debian, etc.), the VM Tools / open-vm-tools package is updated via the corresponding Linux package repositories.

To check the currently installed version via the command line:

vmware-toolbox-cmd -v

Update in CentOS:

sudo yum update open-vm-tools

Update in Ubuntu:

sudo apt-get install open-vm-tools