To keep VMware vSphere and ESXi systems secure, security patches and updates are constantly released by VMware. These patches are essential in order to fix new vulnerabilities and security threats for ESXi hosting platforms and vSphere virtual environments.
Contents
- 1 How to manage and apply security patches for vSphere ESXi:
- 2 Important Notes on ESXi Security Patches:
- 3 Method One: Install the Patch via vSphere Update Manager (VUM)
- 4 Method 2: Installing the ESXi Patch via CLI (Command Line Interface)
- 5 Method 3: Install the patch manually via vSphere Client
- 6 Important Notes:
How to manage and apply security patches for vSphere ESXi:
- Updates and patches from VMware Patch Portal:
- VMware releases security patches and updates through the VMware Patch Portal.
- These patches include security updates, performance improvements, bug fixes, and fixes related to the ESXi operating system, as well as vSphere-related products.
- Specific security patches for ESXi:
- Security patches are released regularly for ESXi, which typically fixes vulnerabilities in the ESXi kernel or its virtual machines.
- Specifically, VMware recommends that patches and updates be applied immediately after release to protect virtual infrastructure.
- Instructions for updating and installing security patches:
- Security Patches and Vulnerabilities:
- VMware typically releases security vulnerabilities and patches through VMware Security Advisories.
- To view ESXi-related security vulnerabilities and patches, visit VMware Security Advisories:
- Check for patches and updates for specific releases:
- ESXi 6.7 and ESXi 7.0 are the most popular versions for security updates and patches.
- If you’re using older versions like ESXi 5.x or 6.x, it’s recommended to upgrade to newer versions for security reasons, as these versions may no longer be supported.
Important Notes on ESXi Security Patches:
- Back up before applying patches: Always perform a full backup of your system and data before applying security patches.
- Performance monitoring: Check system performance after applying patches to ensure that there are no issues with the operation of ESXi or virtual machines.
- Regular updates: To avoid security risks, it is recommended that you apply security updates regularly and as quickly as possible.
To install security patches in vSphere ESXi, you can use a few different methods. In this tutorial, we’ll introduce two common ways to install patches in ESXi: using vSphere Update Manager (VUM) and Command Line (CLI). We’ll also look at how to install patches manually via the vSphere Client.
Method One: Install the Patch via vSphere Update Manager (VUM)
vSphere Update Manager (VUM) is VMware’s official tool for managing updates and patches. This tool allows you to manage updates and patches easily through the vSphere Client.
Steps to install the patch via vSphere Update Manager:
- Logging in to vSphere Client:
- First, log in to your vSphere Client.
- On the left-hand side, connect to vCenter Server.
- Choosing ESXi Host:
- In vSphere Client, from the sidebar, select Hosts and Clusters.
- Then select the ESXi Host you want to install the patches on.
- Select Update Manager:
- From the Menu menu, select Update Manager.
- In the Update Manager window, go to the Baselines section and select New Baseline from there.
- Creating Baseline for Patches:
- After selecting New Baseline, enter a name for the Baseline and select Patch.
- Then select Download Latest Patches.
- Once you select this option, Update Manager will automatically download the latest security patches.
- Connecting Baseline to ESXi Host:
- Go back to the Host page and select the Attach Baseline option.
- Select the new Baseline you have built and connect it to ESXi Host.
- Scanning and applying patches:
- Once the Baseline is connected, select the Scan for Updates option.
- The system will start checking the status and uninstalled patches.
- Then select Remediate to have the patches installed automatically on the ESXi server.
- Once the patches have been applied, the ESXi server will need to restart for the changes to be applied correctly.
Method 2: Installing the ESXi Patch via CLI (Command Line Interface)
In this method, you use the command line and the esxcli tool to install security patches on ESXi. This method is especially useful when you don’t want to use the vSphere Client or vCenter and only log into ESXi via SSH.
Steps to install the patch via CLI:
- Logging in to the ESXi server via SSH:
- First, enable SSH on your ESXi server (in case you haven’t already).
- To enable SSH in ESXi, go to your Host via vSphere Client and go to Configure > System > Security Profile.
- Under Services, select the SSH option and set it to the Start mode.
- Then log in to the ESXi server using an SSH tool like PuTTY.
- Download Patch:
- ESXi security patches and updates can be downloaded from VMware Patch Portal.
- The patch file is usually available with a .zip extension.
- After downloading the patch file, upload it to your ESXi server.
- Using esxcli to install the patch:
- On the command line, use the esxcli command to install the patches.
- To install the patch, use the following command:
esxcli software vib install -d /path/to/patch.zipNote that you need to enter the exact path of the patch file in the command.
- Making changes:
- After installing the patch, you will need to restart the ESXi server for the changes to be applied correctly.
reboot
- After installing the patch, you will need to restart the ESXi server for the changes to be applied correctly.
- Patch Installation Check:
- After restarting the ESXi server, you can make sure that the patch is installed correctly using the following command:
esxcli software vib list - This command displays a list of all available patches and VIB (installed software).
- After restarting the ESXi server, you can make sure that the patch is installed correctly using the following command:
Method 3: Install the patch manually via vSphere Client
This method involves installing the patch manually via the vSphere Client without using the Update Manager.
Steps to install the patch manually:
- Download the patch from VMware:
- Download patches and updates from VMware Patch Portal.
- The patch file is usually .zip with the extension.
- Connection to ESXi Host:
- Log in to the vSphere Client and connect to your ESXi Host.
- Upload Patch File:
- Upload the downloaded patch file to your ESXi server via vSphere Client.
- Installing the patch manually:
- From the Host menu, select the Actions > Reboot option.
- Then install the patch file via the Local CLI during the reboot.
- Restart:
- After installing the patch, restart the server.
Important Notes:
- Backups: Always back up your virtual machines and ESXi server before installing patches.
- Check for patches: Before applying any patches, read the documentation and warnings released by VMware to make sure the new patch is compatible with your system.
- Patch Installation Time: Installing security patches and updates will typically cause the ESXi server to restart, so it’s best to do so at times that have the least impact on system performance.
With these methods, you can easily install security patches and updates on your ESXi servers and maintain the security of your virtual infrastructure.
How to Install latest ESXi VMware Patch
To enable SSH go and select your host > configuration > security profile > services > properties > SSH.
Then connect via SSH and run this command:
esxcli software vib install -d /vmfs/volumes/datastore1/patch-directory/ESXixxxxxxx.zip
esxcli software vib install -d/vmfs/volumes/drobo/patches/ESXiESXixxxxxxx.zipReboot the host and leave the maintenance mode.
Link to download the latest vSphere ESXi Patch security updates and patches 04 MAR 2025
Download – Build:24585383 – vSphere ESXi 8.0
Download – Build:24585291 – vSphere ESXi 7.0
Download – Build:24514018 – vSphere ESXi 6.7
Download – Build:20502893 – vSphere ESXi 6.5
Download – Build:15517548 – vSphere ESXi 6.0
Phương Nguyễn