Title

VMware tools are not used to update the ESX Server. (Cat II impact)

Discussion

VMware uses three categories for patches: Security, Critical, and General. VMware will usually issue a KB article when they become aware of security vulnerabilities and other serious functionality issues before they issue a patch. Only VMware released patches and tools (such as esxupdate) should be implemented. Do not use RedHat or third party patches or tools such as yum or rpm to update the system because VMware has made modifications to the system and kernel.

Check Content

On the ESX Server service console perform the following commands: # grep esxupdate /var/log/vmware/esxupdate.log If no entries are returned, this is a finding.

Fix Text

Utilize VMware tools for all ESX Server updates.

Additional Identifiers

Rule ID: SV-16789r1_rule

Vulnerability ID: V-15848

Group Title: VMware tools are not used to update the ESX Server

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.