Guys, heads up. There is a new vCenter Server update and a new ESXi host update to take note of. The vCenter Server 7.0 Update 3f and ESXi 7.0 Update 3f releases take care of quite a few security vulnerabilities. Let's dive into this release and see which security vulnerabilities are resolved and how you can get your vSphere environment updated. Here is what's new in VMware vCenter Server 7.0 Update 3f and ESXi 7.0 Update 3f.
vCenter Server 7.0 Update 3f new features
Notably with the new vCenter Server 7.0 Update 3f release, VMware is addressing two important security vulnerabilities:
- VMSA-2022-0018, addressing CVE-2022-22982. This is a server-side request forgery (SSRF) vulnerability in vCenter Server that was privately reported to VMware. With this vulnerability, an attacker with access to port 443 on the vCenter Server can exploit the issue by accessing a URL request outside of the vCenter Server or accessing an internal service.
- VMSA-2021-0025.2, addressing CVE-2021-22048 – This is a privilege escalation vulnerability in VMware vCenter Server reported to VMware where a malicious actor with non-administrative access to vCenter can exploit the vulnerability to elevate privileges to a higher group.
Increased scalability of VMware HCI Mesh: With vCenter Server 7.0 Update 3f, a vSAN cluster can serve its local datastore to up to ten client vSAN clusters.
Enhanced vSphere Client components: vCenter Server 7.0 Update 3f fixes important usability issues in the vSphere Client Inventory, Data Grid, Related Objects, and Global Inventory Lists components. The usability enhancements include:
- setting item height to 25px in the Inventory tree to make the tree more compact
- removing excessive margins from the Action menu
- improved right-click selection for Data Grid
- better handling of selected items in the Related Objects and Global Inventory Lists tabs
- customizable page size, from 35 to 200 items, in Related Object lists.
Read the release notes here:
ESXi 7.0 Update 3f new features
Like vCenter Server, VMware is resolving recent security vulnerabilities with the patch:
- This release resolves CVE-2022-23816, CVE-2022-23825, CVE-2022-28693, and CVE-2022-29901. For more information on these vulnerabilities and their impact on VMware products, see VMSA-2022-0020.
ESXi 7.0 Update 3f also adds vSphere Quick Boot support for the following servers:
Cisco Systems Inc:
Dell Inc.:
- PowerEdge XR11
- PowerEdge XR12
- PowerEdge XE8545
HPE:
- Edgeline e920
- Edgeline e920d
- Edgeline e920t
- ProLiant DL20 Gen10 Plus
- ProLiant DL110 Gen10 Plus
- ProLiant ML30 Gen10 Plus
Lenovo:
- ThinkSystem SR 860 V2
Read the release notes here:
Upgrading vCenter Server to vCenter Server 7.0 Update 3f
Using the tried and true VAMI method, we can easily upgrade our vCenter Server to the latest version, vCenter Server 7.0 Update 3f. Navigate to your VAMI interface. Then click Update > Check Updates. You should see the recent 7.0 Update 3f update appear. It will have the release date of July 11, 2022. Click the Stage and install button.
Accept the EULA in the first screen of the installation wizard.
Verify you have backed up your vCenter Server. For my lab, I have taken a snapshot of the VCSA virtual machine at the ESXi host level. Click the checkbox and then click Finish. The upgrade will begin after clicking Finish.
The upgrade begins and progresses.
After a while, you should see the installation succeeded message.
After the installation is successful, you can check the version of the appliance post update on the update screen. You should see the 7.0.300700 version listed.
Updating to ESXi 7.0 Update 3f
There are three ways to update to ESXi 7.0 Update 3f. These include the following:
- Use the esxcli command line
- Use Update Manager
- Use vSphere Lifecycle Manager image-based update
One of the easiest ways, especially for home lab enthusiasts, is to update your ESXi server using the command line. If you are not running a vSphere cluster in your lab environment or are just running a single node, you will want to upgrade your host using the command line instead of the other options that require a vSphere cluster.
The esxcli command to run from the ESXi shell to upgrade to 7.0 U3f is as follows:
esxcli software profile update -p ESXi-7.0U3f-20036589-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
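As an added example (not part of the original post), the script below wraps the command above in a check a patching run usually needs: it reads `esxcli system version get`, decides whether the host is already at the 7.0 U3f build, and only then performs a dry run followed by the real update. The function names, the `run` argument and the sample outputs are assumptions made for illustration; the sample outputs are constructed and trimmed.

```shell
#!/bin/sh
# Added example: update only when the host is below the 7.0 U3f build.
TARGET_BUILD=20036589   # build number embedded in the profile name on this page
PROFILE="ESXi-7.0U3f-${TARGET_BUILD}-standard"
DEPOT="https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml"

# Pull one field (Version or Build) out of `esxcli system version get` output.
field() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Print patched | needs-update | other-release | unknown for the given output.
build_status() {
    version=$(field Version "$1")
    build=$(field Build "$1" | sed 's/^Releasebuild-//')
    case "$build" in ''|*[!0-9]*) echo unknown; return ;; esac
    # Build numbers are only comparable within the 7.0 line: a later patch for
    # another release can carry a higher number without these fixes.
    case "$version" in 7.0.*) ;; *) echo other-release; return ;; esac
    if [ "$build" -ge "$TARGET_BUILD" ]; then echo patched; else echo needs-update; fi
}

# Constructed sample outputs (trimmed; the lower build number is made up).
SAMPLE_OLD='   Product: VMware ESXi
   Version: 7.0.3
   Build: Releasebuild-19000000
   Update: 3'
SAMPLE_NEW='   Product: VMware ESXi
   Version: 7.0.3
   Build: Releasebuild-20036589
   Update: 3'

# On a real host: dry run first, then maintenance mode (VMs powered off or
# migrated beforehand), then the update. The firewall rule is closed again.
update_host() {
    status=$(build_status "$(esxcli system version get)")
    if [ "$status" != needs-update ]; then
        echo "status: $status, not updating"; [ "$status" = patched ]; return $?
    fi
    esxcli network firewall ruleset set -e true -r httpClient   # allow depot download
    esxcli software profile update -p "$PROFILE" -d "$DEPOT" --dry-run &&
        esxcli system maintenanceMode set --enable true &&
        esxcli software profile update -p "$PROFILE" -d "$DEPOT"
    rc=$?
    esxcli network firewall ruleset set -e false -r httpClient
    return $rc
}

if [ "${1:-}" = run ]; then update_host; fi
```

Invoked with the argument `run` from the ESXi shell it performs the update; the host still has to be rebooted afterwards to boot the new image, and running the status check again after the reboot confirms the build.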
VMware vCenter Server 7.0 Update 3f and ESXi 7.0 Update 3f FAQs
- What’s new in vCenter Server 7.0 Update 3f and ESXi 7.0 Update 3f? There are new security fixes in this release as well as a few other items, but mainly the security vulnerabilities disclosed recently have been fixed.
- What is VAMI? This is the special-purpose interface for performing out-of-band management operations on your vCenter Server. This is the easiest way to install the latest updates for your VCSA appliance.
- Do you have to have Update Manager or vSphere Lifecycle Manager to update ESXi? No, you can do this using the esxcli command line tool. You pass in the profile you want to upgrade to and it will install the latest update to the ESXi installation.
The vSphere 7.0 Update 3f release is definitely one to get into your environment, as it is security-related. It fixes two recent security vulnerabilities and protects the installation against exploit code targeting these vulnerabilities. Hopefully, this post on what's new in VMware vCenter Server 7.0 Update 3f and ESXi 7.0 Update 3f sheds light on what you need to know for your lab and production environments.