UCF STIG Viewer Logo

The ESXi system must be properly patched. Vendor-recommended software patches, system security patches, and updates, must be installed and up-to-date.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-OS-99999-ESXI5-000149 SRG-OS-99999-ESXI5-000149 SRG-OS-99999-ESXI5-000149_rule Medium
Description
By staying up to date on ESXi patches, vulnerabilities in the hypervisor can be mitigated. An educated attacker can exploit known vulnerabilities when attempting to attain access or elevate privileges on an ESXi host.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-SRG-OS-99999-ESXI5-000149_chk )
Ask the SA if ESXi hosts are patched in accordance with site policies using the VMware Update Manager. If VUM is not used, ask the SA what method and organization-defined schedule is used to maintain host patch updates.

If the host patching method and/or frequency cannot be determined, this is a finding.
Fix Text (F-SRG-OS-99999-ESXI5-000149_fix)
Deploy VMware Update Manager or develop procedures to manually and/or automatically patch ESXi hosts on an organization-defined schedule.