View Only
  • 1.  Applying ESXi Patch ESXi650-202005401-SG

    Posted Jun 23, 2020 07:11 AM


    just had a question about applying a ESXi patch recently released


    My ESXi 6.5 U2 Patch 3.

    I have been told by VMware Support that applying the subject patch on my ESXi host will take my ESXi to 6.5 Update 3.

    I dont want my ESXi to be updated to ESXi 6.5 Update 3. (some compatibility issues)

    I find it difficult to accept that applying a patch which fixes a certain vulnerability requires your ESXi update version to also be upgraded.

    appreciate any inputs which can clear this out for me.. :smileyhappy:

  • 2.  RE: Applying ESXi Patch ESXi650-202005401-SG

    Posted Jun 25, 2020 04:50 AM

    This is correct. The patches for esxi is cumulative. Which means latest patches are built on top of the previously released patches. So applying latest patch binarees  will automatically contain previous release content too.

    Are ESXi Patches Cumulative - VMware vSphere Blog

  • 3.  RE: Applying ESXi Patch ESXi650-202005401-SG

    Posted Jun 25, 2020 10:22 AM


    the VMware support statement is correct. If you apply this security patch then the host will also be updated to U3. In general ESXi patches are cumulative so this is somehow expected, and there is no way to apply this security fix to an U2 system without also updating it to U3.

    Of course, in theory, it would be possible for VMware to provide another version of this (or any other) security patch for a U2 system ... and in addition for a U1 system ... and the GA version which would just fix the security issue and not change the update level... However, given the number of available security patches and the update releases of ESXi this would create a plethora of different possible patch combinations for an ESXi host - something that is probably impossible to maintain, validate and cross check for compatibility even for a big software vendor like VMware.


  • 4.  RE: Applying ESXi Patch ESXi650-202005401-SG

    Posted Jun 25, 2020 11:35 AM


    If you're using vSAN you get a new option inside VUM to keep the ESXi hosts patched te the Update level as vCenter: