Addressing VMSA-2021-0002 for vCenter 6.7 (and 6.5)
*NOTE* This article is specifically for addressing VMSA-2021-0002 for vCenter 6.5 and 6.7. If you are looking for later versions, please see this article: VMSA-2021-0002 for vCenter 7.0
As per VMSA-2021-0002, the affected vCenter versions are 6.5 & 6.7 with CVE-2021-21972, CVE-2021-21973, CVE-2021-21974.
For more details, please refer to VMware KB: https://kb.vmware.com/s/article/82374
For any queries on this procedure or on VMSA 2021-0002, post your question here - https://community.broadcom.com/vmware-cloud-foundation/communities/community-home?CommunityKey=47d275f3-6e8e-45c2-8b72-b62f261013fd
To mitigate the issues, vCenter 6.7 needs to be patched to 6.7 U3l or above.
- vCenter Server Appliance 6.7 Update 3l | NOV 19 2020 | ISO Build 17138064
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- Take a non-memory, non-quiesced snapshot of the vCenter VM (if standalone) before implementing any change.
- If multiple vCenter servers are linked, take powered-down snapshots of all nodes before proceeding with the vCenter update.
- If the PSC is external, take powered-down snapshots of all PSCs as well.
- If multiple vCenters are linked with external PSCs, update all PSC nodes first and then proceed with the vCenter nodes.
- If DRS is set to Fully Automated, change it to Manual while updating.
- Make a note of the host IP/FQDN where the vCenter/PSC VM is deployed.
- Ensure that you have the login credentials for the ESXi host that runs the vCenter VM.
- vCenter/PSC will be rebooted during the process.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Below is an example of patching vCenter Appliance 6.7 (6.7.0.10000) to vCenter Appliance 6.7 Update 3l (6.7.0.46000):
1. In a browser, open VAMI (VMware Appliance Management Interface): https://<vCenterFQDN>:5480
2. Log in as root.
3. In the Navigator tab (on the left), click Update.
4. In the CHECK UPDATES drop-down, change the option to check CD ROM + URL (make sure the vCenter server has internet connectivity).
   Alternatively, you can download 6.7 Update 3l build 17138064 from the download portal and attach the ISO to the CD-ROM of the vCenter server VM.
5. Select a patch released on NOV 19 2020 or later.
   However, VMware recommends patching to the latest available version.
6. Select STAGE AND INSTALL.
7. Accept the End User License Agreement and click NEXT.
8. It will start Running pre-update checks.
9. It will ask if you wish to join VMware's Customer Experience Improvement Program (CEIP); check or uncheck the box and click NEXT.
10. If you have taken a vCenter backup, check the box "I have backed up vCenter Server and its associated databases" and click FINISH.
11. You will see Installation in progress.
12. Click CLOSE.
13. The vCenter is now patched to build 17138064.
Note: If there is an external PSC, update the PSC node first, following the same procedure.
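To confirm the result of step 13 across several linked vCenter 6.7 nodes, the build reported by each node can be compared against 17138064. The script below is an added example, not part of the original article or VMware tooling; it assumes each version line has the format printed by `vpxd -v` on the appliance, and the function names, hostnames and sample inventory are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware's code): flag vCenter 6.7 nodes below the fixed build.
MIN_BUILD=17138064   # 6.7 Update 3l build quoted in this article

# classify_build "<version line>": prints PATCHED, VULNERABLE or UNKNOWN
# and returns 0, 1 or 2. Assumed input format, as printed by `vpxd -v`:
#   VMware VirtualCenter 6.7.0 build-17138064
classify_build() {
    # Pull out "<version> <build>"; an empty result means the line is unparseable.
    pair=$(printf '%s\n' "$1" |
        sed -n 's/^.* \([0-9][0-9.]*\) build-\([0-9][0-9]*\).*$/\1 \2/p')
    version=${pair% *}
    build=${pair#* }
    # The threshold is only valid for 6.7; anything else is reported as
    # UNKNOWN rather than guessed at.
    case $version in
        6.7.*) ;;
        *) echo UNKNOWN; return 2 ;;
    esac
    if [ "$build" -ge "$MIN_BUILD" ]; then
        echo PATCHED; return 0
    fi
    echo VULNERABLE; return 1
}

# audit_nodes: reads "name|version line" records on stdin, prints one
# verdict per node, returns 1 if any node is not confirmed PATCHED.
audit_nodes() {
    rc=0
    while IFS='|' read -r name line; do
        [ -n "$name" ] || continue
        verdict=$(classify_build "$line") || rc=1
        printf '%-20s %s\n' "$name" "$verdict"
    done
    return "$rc"
}

# Constructed inventory: hostnames and the lower build number are made up.
SAMPLE_INVENTORY='vc01.example.test|VMware VirtualCenter 6.7.0 build-17138064
vc02.example.test|VMware VirtualCenter 6.7.0 build-13000000
vc03.example.test|VMware VirtualCenter 6.5.0 build-13000000
vc04.example.test|ssh: connection timed out'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_nodes ||
    echo "At least one node is not confirmed at build $MIN_BUILD or later."
```

A node that is unreachable or on a release other than 6.7 is reported as UNKNOWN and counts as not confirmed, so the audit fails closed.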