L1 Terminal Fault (L1TF) Patching Considerations
On Tuesday, August 14th, Intel released their news on the latest vulnerability, L1 Terminal Fault (L1TF), or Foreshadow. In response, VMware released vSphere patches to address the issues. Since then I have seen quite a few threads come up and thought I would address them from a patching perspective.
I wanted to clarify that when remediating your vSphere environment, you should make sure to apply the updates in the correct order. vCenter Server MUST be patched prior to updating ESXi.
In some cases I have seen users patching ESXi before their vCenter Server, resulting in generic errors such as
xxx esx.problem.hyperthreading.unmitigated.formatOnHost not found xxx or
KB57374 has been created to inform users of the details of this error.
However, if done properly, once ESXi is patched after vCenter Server you would see the following warning on your ESXi host.
Once you have performed the remediation on the hosts to correct all aspects, that warning will go away.