Update: The Hypervisor-Assisted Guest Mitigation process described in KB 55111 is cumulative and will also mitigate the issues described in this article.
Recent microcode updates by Intel and AMD provide hardware support for branch target injection mitigation (Spectre v2). In order to use this new hardware feature within virtual machines, Hypervisor-Assisted Guest Mitigation must be enabled.
This document will focus on Hypervisor-Assisted Guest Mitigation as it pertains to vSphere. Please review KB52245: VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown) for a complete view on VMware’s response to these issues.
See VMware Security Advisory VMSA-2018-0004.3 for the VMware provided patches related to this KB.