ESX Server updates are not tested.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15847 | ESX0480 | SV-16788r1_rule | Medium |
| Description |
|---|
| Organizations need to stay current with all applicable ESX Server software updates that are released from VMware. In order to be aware of updates as they are released, virtualization server administrators will subscribe to ESX Server vendor security notices, updates, and patches to ensure that all new vulnerabilities are known. New ESX Server patches and updates should be reviewed for the ESX Server before moving them into a production environment. ESX Server patches will be tested first in a development environment and any issues or special precautions will be documented, as a patch could technically disable all virtual networks and machines. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-16195r1_chk ) |
|---|
| Ask the IAO/SA to show you where the test and development ESX Server is located. At the service console of the test and development ESX Server perform the following command: # esxupdate –l query The output will look similar to the following: Installed software bundles -----Name---- --Install Date-- --------Summary-------- 3.5.0-56329 23:37:26 11/04/08 Full installation of ESX 3.5.0-56329 ESX350-200802055-BG 23:49:26 11/04/08 Fix COS running Dell OM5 w/QLogic ESX350-200803066-SG 23:50:02 11/04/08 Fix COS security bug If no patch results are returned, this is a finding. The test and development ESX Server cannot be the production ESX Server(s). |
| Fix Text (F-15801r1_fix) |
|---|
| Use the test and development ESX Server to test all patches before moving them to production. |