How to easily update your VMware vCenter Server Appliance from 6.5.x to 6.5 Update 1g (VCSA 6.5 U1g) with Spectre mitigation

Posted by Paul Braren on Mar 20 2018 (updated on Mar 31 2018) in
  • ESXi
  • Virtualization
  • HowTo
  • HomeLab

    As covered earlier at TinkerTry, patching for the branch target injection vulnerability known as Spectre-2 requires you to patch your:

    1. VCSA/vCenter (this article)
    2. ESXi server(s)
    3. Each VM operating system
    4. Each server's BIOS/firmware

    This article is an update to my recent article that has the full VCSA upgrade procedure with screenshots, step-by-step:

    easy-upgrade-to-vcsa-65u1f

    You'll want to read the following Release Notes in full before getting started:

    vsphere-vcenter-server-65u1g-release-notes
    • VMware vCenter Server 6.5 Update 1g Release Notes
      vCenter Server 6.5 Update 1g | 20 MAR 2018 | ISO Build 8024368
      ...

      What's New
      vCenter Server 6.5 Update 1g addresses issues that have been documented in the Resolved Issues section and Photon OS security vulnerabilities. For more information, see VMware vCenter Server Appliance Photon OS Security Patches.

      Patches Contained in This Release
      vCenter Server 6.5 Update 1g delivers the following patch. See the VMware Patch Download Center for more information on downloading patches.

      • VMware-vCenter-Server-Appliance-6.5.0.15000-8024368-patch-FP.iso
        ...

    Once you've finished the upgrade, your VAMI UI will show you're at 6.5.0.15000 Build Number 8024368.

    Mar 24 2018 Update

    Title change, from:
    How to easily update your VMware vCenter Server Appliance from 6.5.x to 6.5 Update 1g (VCSA 6.5 U1g) for hypervisor-assisted guest mitigation of CVE-2017-5715
    to
    How to easily update your VMware vCenter Server Appliance from 6.5.x to 6.5 Update 1g (VCSA 6.5 U1g) with Spectre mitigation


    See also at TinkerTry

    easy-update-to-esxi-65u1-201803001

    meltdown-and-spectre-info

    vmware-storage-and-availability-technical-documents

    See also

    my-vsphere-6-5-upgrade-checklist-painful-cropped

    VMSA-2018-0004

    Hypervisor-Assisted Guest Remediation

    • VMSA-2018-0004.3
      VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue

      Jan 09 2018 at VMware Security Advisories, updated Mar 03 2018

      ...
      1. Summary
      VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue.

      The mitigations in this advisory are categorized as Hypervisor-Assisted Guest Mitigations described by VMware Knowledge Base article 52245.

      2. Relevant Products
      VMware vCenter Server (VC)
      VMware vSphere ESXi (ESXi)
      VMware Workstation Pro / Player (Workstation)
      VMware Fusion Pro / Fusion (Fusion)

      3. Problem Description
      New speculative-execution control mechanism for Virtual Machines

      Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target Injection issue (CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.
      ...
      Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

      [Image: first portion of the VMSA-2018-0004 table, linked to the source article.]

    Here are the 2 patches for VCSA and ESXi 6.5 that the table above points to, hyperlinked for you:

    • VCSA 6.5 U1g available here, and Release Notes.
      Name: VMware-VCSA-all-6.5.0-8024368.iso | Release Date: 2018-03-20 | Build Number: 8024368
    • ESXi 6.5: ESXi650-201803401-BG KB52460 and ESXi650-201803402-BG KB52461 are both seen here, with ESXi Build Number 7967591 KB52456.
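
A post-upgrade check for the two builds named above, as an added example that is not from the original article or from VMware: it reads version banners and flags anything on the 6.5 line below VCSA build 8024368 or ESXi build 7967591. The banner formats (assumed to be what `vpxd -v` prints on the appliance and `vmware -v` prints on ESXi), the function names, and the sample inventory are assumptions.

```shell
#!/bin/sh
# Added example: compare version banners with the builds named in this article.
# Assumed banner formats (not shown on the page):
#   vpxd -v   on the VCSA -> "VMware VirtualCenter 6.5.0 build-8024368"
#   vmware -v on ESXi     -> "VMware ESXi 6.5.0 build-7967591"
VCSA_MIN_BUILD=8024368   # VCSA 6.5 U1g
ESXI_MIN_BUILD=7967591   # ESXi 6.5 with ESXi650-201803401-BG and -201803402-BG

# Print PATCHED, OUTDATED or UNKNOWN for one banner line.
check_banner() {
    banner=$1
    # A build number is only comparable inside one release line, so anything
    # that is not 6.5.x is reported as UNKNOWN instead of being compared.
    case $banner in
        *"VirtualCenter 6.5."*) min=$VCSA_MIN_BUILD ;;
        *"ESXi 6.5."*)          min=$ESXI_MIN_BUILD ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    build=$(printf '%s\n' "$banner" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p')
    if [ -z "$build" ]; then echo UNKNOWN
    elif [ "$build" -ge "$min" ]; then echo PATCHED
    else echo OUTDATED
    fi
}

# Read "name|banner" lines on stdin, print one status line per system,
# and return 1 if any system is OUTDATED or UNKNOWN.
audit() {
    rc=0
    while IFS='|' read -r name banner; do
        [ -n "$name" ] || continue
        status=$(check_banner "$banner")
        printf '%-8s %-9s %s\n' "$name" "$status" "$banner"
        [ "$status" = PATCHED ] || rc=1
    done
    return $rc
}

# Constructed sample inventory: hostnames and the two non-matching builds
# (5000000, 9000000) are invented for illustration.
sample_inventory() {
cat <<'EOF'
vcsa01|VMware VirtualCenter 6.5.0 build-8024368
esxi01|VMware ESXi 6.5.0 build-7967591
esxi02|VMware ESXi 6.5.0 build-5000000
esxi03|VMware ESXi 6.0.0 build-9000000
EOF
}

sample_inventory | audit || echo "at least one system still needs review"
```

This covers only the first two layers of the list at the top of the article (VCSA and ESXi); guest operating systems and BIOS/firmware need their own checks.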