<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Menlo;
        panose-1:2 11 6 9 3 8 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:Menlo;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:Menlo;}
span.EmailStyle20
        {mso-style-type:personal;
        font-family:Menlo;
        color:windowtext;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">-----BEGIN PGP SIGNED MESSAGE-----</p>
<p class="MsoPlainText">Hash: SHA1</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">- ------------------------------------------------------------------------</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; VMware Security Advisory</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">Advisory ID: VMSA-2018-0020</p>
<p class="MsoPlainText">Severity:&nbsp;&nbsp;&nbsp; Important</p>
<p class="MsoPlainText">Synopsis:&nbsp;&nbsp;&nbsp; VMware vSphere, Workstation, and Fusion updates enable</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; vulnerability.</p>
<p class="MsoPlainText">Issue date:&nbsp; 2018-08-14</p>
<p class="MsoPlainText">Updated on:&nbsp; 2018-08-14 (Initial Advisory)</p>
<p class="MsoPlainText">CVE number:&nbsp; CVE-2018-3646</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">1. Summary</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware vSphere, Workstation, and Fusion updates enable Hypervisor-</p>
<p class="MsoPlainText">&nbsp;&nbsp; Specific Mitigations for L1 Terminal Fault - VMM vulnerability.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; The mitigations in this advisory are categorized as Hypervisor-</p>
<p class="MsoPlainText">&nbsp;&nbsp; Specific Mitigations described by VMware Knowledge Base article</p>
<p class="MsoPlainText">&nbsp;&nbsp; 55636.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">2. Relevant Products</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware vCenter Server (VC)</p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware vSphere ESXi (ESXi)</p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Workstation Pro / Player (WS)</p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Fusion Pro / Fusion (Fusion)</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">3. Problem Description</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; vCenter Server, ESXi, Workstation, and Fusion updates include</p>
<p class="MsoPlainText">&nbsp;&nbsp; Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM. This</p>
<p class="MsoPlainText">&nbsp;&nbsp; issue may allow a malicious VM running on a given CPU core to</p>
<p class="MsoPlainText">&nbsp;&nbsp; effectively read the hypervisor’s or another VM’s privileged</p>
<p class="MsoPlainText">&nbsp;&nbsp; information that resides sequentially or concurrently in the same</p>
<p class="MsoPlainText">&nbsp;&nbsp; core’s L1 Data cache.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; CVE-2018-3646 has two currently known attack vectors which will be</p>
<p class="MsoPlainText">&nbsp;&nbsp; referred to as &quot;Sequential-Context&quot; and &quot;Concurrent-Context.&quot;</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Attack Vector Summary</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Sequential-context attack vector: a malicious VM can potentially</p>
<p class="MsoPlainText">&nbsp;&nbsp; infer recently accessed L1 data of a previous context (hypervisor</p>
<p class="MsoPlainText">&nbsp;&nbsp; thread or other VM thread) on either logical processor of a processor</p>
<p class="MsoPlainText">&nbsp;&nbsp; core.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Concurrent-context attack vector: a malicious VM can potentially</p>
<p class="MsoPlainText">&nbsp;&nbsp; infer recently accessed L1 data of a concurrently executing context</p>
<p class="MsoPlainText">&nbsp;&nbsp; (hypervisor thread or other VM thread) on the other logical processor</p>
<p class="MsoPlainText">&nbsp;&nbsp; of the Hyper-Threading-enabled processor core.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Mitigation Summary</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp;The Sequential-context attack vector is mitigated by a vSphere</p>
<p class="MsoPlainText">&nbsp;&nbsp; update to the product versions listed in table below. This mitigation</p>
<p class="MsoPlainText">&nbsp;&nbsp; is dependent on Intel microcode updates (provided in separate ESXi</p>
<p class="MsoPlainText">&nbsp;&nbsp; patches for most Intel hardware platforms) also listed in the table</p>
<p class="MsoPlainText">&nbsp;&nbsp; below. This mitigation is enabled by default and does not impose a</p>
<p class="MsoPlainText">&nbsp;&nbsp; significant performance impact.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; The Concurrent-context attack vector is mitigated through</p>
<p class="MsoPlainText">&nbsp;&nbsp; enablement of a new feature known as the ESXi Side-Channel-Aware</p>
<p class="MsoPlainText">&nbsp;&nbsp; Scheduler. This feature may impose a non-trivial performance impact</p>
<p class="MsoPlainText">&nbsp;&nbsp; and is not enabled by default.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Column 5 of the following table lists the action required to</p>
<p class="MsoPlainText">&nbsp;&nbsp; remediate the vulnerability in each release, if a solution is</p>
<p class="MsoPlainText">&nbsp;&nbsp; available.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware&nbsp; Product Running&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Replace with/&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mitigation/</p>
<p class="MsoPlainText">&nbsp;&nbsp; Product Version on&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Severity&nbsp; Apply Patch&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Workaround</p>
<p class="MsoPlainText">&nbsp;&nbsp; ======= ======= ======= ========= =====================&nbsp; ==========</p>
<p class="MsoPlainText">&nbsp;&nbsp;VC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6.7&nbsp;&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important 6.7.0d&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp; VC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6.5&nbsp;&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important 6.5u2c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp; VC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6.0&nbsp;&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important 6.0u3h&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp; VC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5.5&nbsp;&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important 5.5u3j&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; None</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi&nbsp;&nbsp;&nbsp; 6.7&nbsp;&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important ESXi670-201808401-BG*&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ESXi670-201808402-BG** None</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ESXi670-201808403-BG*&nbsp; None</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi&nbsp;&nbsp;&nbsp; 6.5&nbsp;&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important ESXi650-201808401-BG*&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ESXi650-201808402-BG** None</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ESXi650-201808403-BG*&nbsp; None</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi&nbsp;&nbsp;&nbsp; 6.0&nbsp;&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important ESXi600-201808401-BG*&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ESXi600-201808402-BG** None</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ESXi600-201808403-BG*&nbsp; None</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi&nbsp;&nbsp;&nbsp; 5.5&nbsp;&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important ESXi550-201808401-BG*&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ESXi550-201808402-BG** None</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ESXi550-201808403-BG*&nbsp; None</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; WS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 14.x&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important 14.1.3*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; None</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Fusion&nbsp; 10.x&nbsp;&nbsp;&nbsp; Any&nbsp;&nbsp;&nbsp;&nbsp; Important 10.1.3*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; None</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; *These patches DO NOT mitigate the Concurrent-context attack vector</p>
<p class="MsoPlainText">&nbsp;&nbsp; previously described by default. For details on the three-phase</p>
<p class="MsoPlainText">&nbsp;&nbsp; vSphere mitigation process please see KB55806 and for the mitigation</p>
<p class="MsoPlainText">&nbsp;&nbsp; process for Workstation and Fusion please see KB57138.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; **These patches include microcode updates required for mitigation of</p>
<p class="MsoPlainText">&nbsp;&nbsp; the Sequential-context attack vector. This microcode may also be</p>
<p class="MsoPlainText">&nbsp;&nbsp; obtained from your hardware OEM in the form of a BIOS or firmware</p>
<p class="MsoPlainText">&nbsp;&nbsp; update. Details on microcode that has been provided by Intel</p>
<p class="MsoPlainText">&nbsp;&nbsp; and packaged by VMware is enumerated in the patch KBs found in the</p>
<p class="MsoPlainText">&nbsp;&nbsp; Solution section of this document.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">4. Solution</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Please review the patch/release notes for your product and version</p>
<p class="MsoPlainText">&nbsp;&nbsp; and verify the checksum of your downloaded file.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; vCenter 6.7.0d</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_7</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670d-release-notes.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; vCenter 6.5u2c</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_5</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u2c-release-notes.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; vCenter 6.0u3h</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_0</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u3h-release-notes.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; vCenter 5.5u3j</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_5</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u3j-release-notes.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi 6.7</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://my.vmware.com/group/vmware/patch</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi670-201808401-BG (esx-base): https://kb.vmware.com/kb/56537</p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi670-201808402-BG (microcode): https://kb.vmware.com/kb/56538</p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi670-201808403-BG (esx-ui):(https://kb.vmware.com/kb/56897</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi 6.5</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://my.vmware.com/group/vmware/patch</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi650-201808401-BG (esx-base): https://kb.vmware.com/kb/56547</p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi650-201808402-BG (microcode): https://kb.vmware.com/kb/56563</p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi650-201808403-BG (esx-ui): https://kb.vmware.com/kb/56896</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi 6.0</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://my.vmware.com/group/vmware/patch</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi600-201808401-BG (esx-base): https://kb.vmware.com/kb/56552</p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi600-201808402-BG (microcode): https://kb.vmware.com/kb/56553</p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi600-201808403-BG (esx-ui): https://kb.vmware.com/kb/56895</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi 5.5</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://my.vmware.com/group/vmware/patch</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi550-201808401-BG (esx-base): https://kb.vmware.com/kb/56557</p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi550-201808402-BG (microcode): https://kb.vmware.com/kb/56558</p>
<p class="MsoPlainText">&nbsp;&nbsp; ESXi550-201808403-BG (esx-ui): https://kb.vmware.com/kb/56894</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Workstation Pro 14.1.3</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads: https://www.vmware.com/go/downloadworkstation</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation: https://docs.vmware.com/en/VMware-Workstation-Pro/index.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Workstation Player 14.1.3</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads: https://www.vmware.com/go/downloadplayer</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation: https://docs.vmware.com/en/VMware-Workstation-Player/index.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Fusion Pro / Fusion 10.1.3</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Downloads: https://www.vmware.com/go/downloadfusion</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Documentation: https://docs.vmware.com/en/VMware-Fusion/index.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">5. References</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://kb.vmware.com/kb/55636</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://kb.vmware.com/kb/55806</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://kb.vmware.com/kb/57138</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">- ------------------------------------------------------------------------</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">6. Change log</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; 2018-08-14: Initial security advisory in conjunction with vSphere,</p>
<p class="MsoPlainText">&nbsp;&nbsp; Workstation, and Fusion updates and patches released on 2018-08-14.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">- ------------------------------------------------------------------------</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">7. Contact</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; E-mail list for product security notifications and announcements:</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; This Security Advisory is posted to the following lists:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp; security-announce@lists.vmware.com</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp; bugtraq@securityfocus.com</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp; fulldisclosure@seclists.org</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; E-mail: security at vmware.com</p>
<p class="MsoPlainText">&nbsp;&nbsp; PGP key at: https://kb.vmware.com/kb/1055</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Security Advisories</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://www.vmware.com/security/advisories</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Security Response Policy</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://www.vmware.com/support/policies/security_response.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Lifecycle Support Phases</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://www.vmware.com/support/policies/lifecycle.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Security &amp; Compliance Blog&nbsp;&nbsp; </p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;https://blogs.vmware.com/security</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Twitter</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://twitter.com/VMwareSRC</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Copyright 2018 VMware Inc. All rights reserved.</p>
<p class="MsoPlainText">-----BEGIN PGP SIGNATURE-----</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">iF0EARECAB0WIQSmJMaUX5&#43;xuU/DnNwMRybxVuL2QwUCW3JEgAAKCRAMRybxVuL2</p>
<p class="MsoPlainText">Q0e5AKCD3Yq7ZCoqxAVh4dgQTsZCx1v1vwCg4nQWrBZ5QoPw/TjCxa4XkCb&#43;aGg=</p>
<p class="MsoPlainText">=sHDu</p>
<p class="MsoPlainText">-----END PGP SIGNATURE-----</p>
</div>
</body>
</html>