Workaround Instructions For CVE-2021-22045 on VMware ESXi Hosts (87249)

VMware just released new security advisory for ESXi hosts. For ESXi 6.5 and 6.7 there are patches ready, but for 7.0 there is only workaround.

ESXi VersionFixed VersionBuild NumberRelease date
6.56.5 P0718678235October 12th 2021
6.76.7 P0618828794November 23rd 2021
7.0PendingPendingPending

As the workaround all CD/DVD devices MUST be disabled.disconnected.

RUN-LIST:

  1. Log in to a vCenter Server
  2. Right-click the virtual machine and click Edit Settings.
  3. Select the CD/DVD drive and uncheck “Connected” and “Connect at power on” and remove any attached ISOs

Alternatively you can leverage PowerCli if you have a bunch of VMs and do not want to waist the time on manula process.

RUN-LIST:

  1. Connect to VI Server
  2. Run this command to list all VMs with a connected device
Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent
  1. Run this command to remove and disconnect an attached CD-ROM/DVD devices:
Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Set-CDDrive -NoMedia -confirm:$false

Should you come accross this error:

Please refer to this article: https://angrysysops.com/2022/01/07/connection-control-operation-failed-for-disk-ide00/

Please like and share to spread the knowledge in the community.

If you want to chat with me please use Twitter: @AngrySysOps

Visit my FB page: https://www.facebook.com/AngrySysOps

Read my blog: https://angrysysops.com

Subscribe to my channel : https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A

Please leave the comment