SecPoint Logo

How to easily Install Latest Patches on VMware VSphere ESXi

Are you not sure how you can easily install the latest security patches on your VMware VSphere ESXi server then follow the guide below. 

 

This could be                       6.7.0 Update 2 (Build 13006603)

Step 1 Setup Firewall permissions to only allow trusted IPs to connect

Always be sure to activate the Firewall and limit which IP addresses are allowed to connect to different ports services such as port 443,22.

From the interface you can click on Networking Icon -> Firewall Rules

There you can see incoming port 22,443 as example

So if you leave SSH running enabled by mistake or your web management is vulnerable in the future to attacks limit so only you can connect to it.

Always keep SSH disabled at all times only enabled it if you need to temporary perform a task or upgrade the server.

 

 

Step 2

First you login to your web interface and click on Host to see the exact version you are running

 

After you visit https://my.vmware.com/group/vmware/patch#search  (You might need to have a login or create free account to login)

You choose ESXI (Embedded and Installable)

After you search your version example 6.7.0 like image below

ESXi670-202103001

Product:ESXi (Embedded and Installable) 6.7.0

Download Size:476.7 MB

03/18/2021

17700523

 

 You must download the file in this case 476.7 MB it will be a .zip file.

 

Or for example for V 7.0.0

VMware-ESXi-7.0b-16324942-depot.zip 

 

Step 3

 Goto your Storage -> datastore1 -> Datastore Browser to upload the patch file.

 

It can take a few moments to upload the file giving it is almost 500 MB

 

Step 4

Now login to the unit via ssh

and type to see existing patches

esxcli software vib list 

to install the uploaded patch type in this case

ESXi 6.7

esxcli software vib update -d /vmfs/volumes/datastore1/ESXi670-202103001.zip

ESXi 7.0.0

esxcli software vib update -d /vmfs/volumes/datastore1/VMware-ESXi-7.0b-16324942-depot.zip 

 

Step 5

Safely power off all VM machines and reboot it.

After the reboot remember to power on your VM Machines.

Now after the reboot you can see the new patches installed

In this example the old was:

6.7.0 Update 2 (Build 13006603)

After patches it is now

6.7.0 Update 3 (Build 17700523)

or for 7.0.0

 

7.0.0 (Build 15843807)

After patches it is now

7.0.0 (Build 16324942)