Along the lines of vendors coming out with new fixes for the Meltdown and Spectre vulnerabilities, VMware has patches and workarounds for the Virtual Appliance products suffering from the holes.
Meltdown and Spectre impact VMware Virtual Appliances, including vCloud Usage Meter (UM), Identity Manager (vIDM), vCenter Server (vCSA), vSphere Data Protection (VDP), vSphere Integrated Containers (VIC) and vRealize Automation (vRA), according to a VMware advisory.
VMware released a patch for its vSphere Integrated Containers product, and workarounds have been made available for UM, vIDM, vCSA, and vRA.
vCSA 5.5 is not affected, and neither patches nor workarounds released for VDP.
VMware released advisories describing the workarounds for various products.
The company advised users not to apply workarounds to other products than the one they are intended for.
The workarounds are a temporary solution until permanent fixes become available.
The Meltdown and Spectre attacks allow malicious applications to bypass memory isolation mechanisms and access potentially sensitive data. Billions of devices using Intel, AMD, ARM, Qualcomm and IBM processors suffer from the problems.
Intel started microcode updates for its processors almost immediately after disclosure, but the fixes did more harm than good, so they halted everything. The company is now starting to release new microcode.
Following Intel’s announcement, VMware delayed microcode updates for its ESXi hypervisor until the chipmaker addressed the issues.
Intel said this it found the root of an issue that caused systems to reboot more frequently.
Intel and AMD said future products will include built-in protections for exploits such as Spectre and Meltdown.