The ESXi host must have all security patches and updates installed.
An XCCDF Rule
Description
<VulnDiscussion>Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-256428r886065_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
ESXi can be patched in multiple ways, and this fix text does not cover all methods.
Manual patching when image profiles are not used:
- Download the latest "offline bundle" .zip update from vmware.com. Verify the hash.