VMware NSX Guest Introspection compatibility for Microsoft Windows patches released for "Spectre" and "Meltdown"
Article ID: 330313
Updated On:
Products
VMware NSX Networking
Issue/Introduction
With the testing conducted for various versions of Microsoft Windows where patches are available, no issues are reported. VMware NSX Guest Introspection is compatible with these patches.
Microsoft has introduced various registry keys in order to receive patches via Windows Update. Please refer to following Microsoft documentation to create required keys based on type of platform.
Microsoft Advisory:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Initial KB:
https://support.microsoft.com/en-in/help/4056897/windows-7-update-kb4056897
KB for Server Workloads (for additional keys):
https://support.microsoft.com/en-gb/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
Customers who are not using Windows Update can directly download and apply the Windows Update from the Windows update catalog.
NSX Guest Introspection is also supported on various Linux distributions. Compatibility testing under various supported Linux distributions is in progress as patches become available for these distributions. Kindly watch out for updates to this KB for most up to date information.
Microsoft has introduced various registry keys in order to receive patches via Windows Update. Please refer to following Microsoft documentation to create required keys based on type of platform.
Microsoft Advisory:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Initial KB:
https://support.microsoft.com/en-in/help/4056897/windows-7-update-kb4056897
KB for Server Workloads (for additional keys):
https://support.microsoft.com/en-gb/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
Customers who are not using Windows Update can directly download and apply the Windows Update from the Windows update catalog.
NSX Guest Introspection is also supported on various Linux distributions. Compatibility testing under various supported Linux distributions is in progress as patches become available for these distributions. Kindly watch out for updates to this KB for most up to date information.
Resolution
VMware NSX Guest Introspection is compatible with the patches introduced by Microsoft. Please refer the above section for more details.
Additional Information
Bounds-Check bypass and Branch Target Injection issues
CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors).The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.
For more information on the vulnerabilities, see VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown) (52245) .
Feedback
Yes
No
Powered by
