VMware vSphere

On January 16, 2020, the Defense Information Systems Agency has made available the second update to VMware vSphere 6.5 STIGs released in 2019. VMware vSphere 6.5 STIG Version 1, Release 3 includes updates to both the ESXi and the vCenter Server STIGs. Per the revision history provided in the updated STIG download, the following changes were made: VMware vSphere 6.5 ESXi STIG V-94505, V-94507, V-94529, V-94531, V-94543, V-94545 - Added N/A statement when host profiles are not used to join AD These STIGs checks all relate to the authentication of users to ESXi using Active Directory.

Just a heads up. VMware has published Security Advisory VMSA-2020-0002 (CVE-2020-3941), which details information regarding a race condition within VMware Tools 10.x.x that can allow a user to escalate their privileges on a Windows VM. This issue was assigned a CVSSv3 score of 7.8 and has the potential to affect many environments as it applies to all releases of VMware Tools 10. The vulnerability can be resolved by installing VMware Tools 11, but if you can’t upgrade to VMware Tools 11, a workaround is available in VMware KB76654.

On October 25, 2019, the Defense Information Systems Agency has made available the first updates to VMware vSphere 6.5 STIGs released earlier this year. VMware vSphere 6.5 STIG Version 1, Release 2 includes updates to both the ESXi and the Virtual Machine STIGs. Per the revision history provided in the updated STIG download, the following changes were made: VMware vSphere 6.5 ESXi STIG V-94491, V-94493, V-94495, V-94497, V94499, V-94501, V-94503, V-94513, V94515,V-94517, V-94519, V-94521, V94523, V-94525, V-94527, V-94537, V94539, V-94541, V-94551, V-94553, V94555, V-94557, V-94049 - Removed multiple duplicate requirements in ESXi STIG.

As a follow-up to my previous post providing alert content for the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I have also put together new alert content for the VMware vSphere 6.5 ESXi STIG Version 1, Release 1. See the link at the bottom of the page to download the alert content XML. The following STIG items cannot be verified by vRealize Operations because the checks are user process related, the configuration values are not currently collected by vRealize Operations, or the checks involve non-VMware assets (e.

With the recent release of the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I needed to create new vRealize Operations alert content to verify compliance of my virtual machines. Combined with the automated alert remediation process I described in a previous post, ensuring compliance with the new STIG requirements is easy. See the link at the bottom of the page to download the alert content XML. Unfortunately, the following STIG items can’t be verified by vRealize Operations either because the checks are user process related or the configuration values aren’t currently collected by vRealize Operations: