VMware has made available patches and update releases to address critical security issues for several products including ESX, ESXi, Workstation, and Player. As a best practice, VMware recommends that customers install all security patches to maximize the protection that VMware provides.

This article lists all latest security patches available for VMware ESXi and VMware ESX as of June 14, 2012. Updating to these patches allows you to achieve maximum protection. This list does not include patches obsoleted by the later patches.

 

Security Patch Table

 

Product Version Patch
ESXi 5.0 ESXi500-201206401-SG
ESXi500-201205401-SG
ESXi500-201203102-SG
ESXi500-201203103-SG
4.1 ESXi410-201206401-SG
ESXi410-201205401-SG
4.0 ESXi400-201206401-SG
ESXi400-201205401-SG
ESXi400-201103402-SG
3.5 Prerequisite:
June 2011 3.5 U5 roll-up

Subsequent security patches:
ESXe350-201206401-O-SG
VI Client
VMware Tools
Firmware
ESXe350-201205401-O-SG
VI Client
VMware Tools
Firmware
ESXe350-201105401-O-SG
VI Client
VMware Tools
Firmware

ESX 4.1 ESX410-201206401-SG
ESX410-201205401-SG
ESX410-201204402-SG
ESX410-201201407-SG
ESX410-201201406-SG
ESX410-201201405-SG
ESX410-201201404-SG
ESX410-201201402-SG
ESX410-201110225-SG
ESX410-201110224-SG
ESX410-201110207-SG
ESX410-201110206-SG
ESX410-201110204-SG
ESX410-201110201-SG
ESX410-201107406-SG
ESX410-201107405-SG
ESX410-201104407-SG
ESX410-201104404-SG
ESX410-201104403-SG
ESX410-201010413-SG
ESX410-201010412-SG
ESX410-201010409-SG
ESX410-201010404-SG
ESX410-201010402-SG
4.0 ESX400-201206401-SG
ESX400-201205401-SG
ESX400-201203407-SG
ESX400-201203406-SG
ESX400-201203405-SG
ESX400-201203404-SG
ESX400-201203403-SG
ESX400-201203402-SG
ESX400-201110410-SG
ESX400-201110409-SG
ESX400-201110408-SG
ESX400-201110406-SG
ESX400-201103407-SG
ESX400-201103405-SG
ESX400-201103404-SG
ESX400-201101404-SG
ESX400-201101402-SG
ESX400-201009411-SG
ESX400-201009407-SG
ESX400-201009406-SG
ESX400-201009402-SG
ESX400-201005407-SG
ESX400-201005405-SG
ESX400-201005404-SG
ESX400-201003403-SG
ESX400-201002407-SG
ESX400-201002406-SG
ESX400-201002404-SG
ESX400-200912404-SG
ESX400-200911239-SG
ESX400-200911234-SG
ESX400-200906411-SG
3.5 Prerequisite:
June 2011 3.5 U5 roll-up

Subsequent security patches:
ESX350-201206401-SG
ESX350-201205401-SG
ESX350-201203405-SG
ESX350-201203403-SG
ESX350-201203401-SG
ESX350-201105406-SG
ESX350-201105404-SG
ESX350-201105401-SG
ESX350-201012409-SG
ESX350-201012408-SG
ESX350-201012401-SG
ESX350-201008412-SG
ESX350-201008411-SG
ESX350-201008407-SG
ESX350-201008406-SG
ESX350-201008405-SG
ESX350-201006407-SG
ESX350-201006406-SG
ESX350-201006405-SG
ESX350-201006401-SG

Note: Patches are delivered in RPM or VIB format depending on the ESX/ESXi version. VMware packaging policy dictates that the content of a patch RPM or VIB is cumulative throughout the product support life cycle. For example, if you apply a bulletin containing the highest version of an ESX-base VIB for ESXi 5.0, you do not need to apply the lower versions of ESX-base VIB. All VMware patching tools are able to parse the format of a package’s version and determine the latest packages for installation based on the query baseline.

Finding and Downloading Security Patches

You can find and download patches through the Download Patch Portal or vSphere Update Manager.

  • Download Patch Portal. Go to the Download Patch Portal. Use the Search by Product area to select your product and release. Filter your search classification by Security. Your search results should list only bulletin names with an extension of –SG. Search results are in chronological order, from most recent to earliest.

    Use the Download link to download the patches you want to install. If you want only security patches published after a particular ESXi or ESX Update release, download only the patches that have a Release Date later than the Update release running on your hosts. After you download a security patch, follow the installation instructions in the Knowledge Base article that appears in the Bulletin List column of your filtered search.

  • vSphere Update Manager. Go to the Update Manager area of the vSphere Client. Update Manager downloads all patch metadata and displays the patches in the Patch Repository area of the user interface, and you can identify the security patches by –SG extension at the end of the bulletin name. Depending on the Update Manager release, you can also find security patches as follows.
    • Update Manager 5.0. Look in the Category column of the Patch Repository table.
    • Update Manager 4.x and earlier. Look in the Severity column of the Patch Repository table.

Installing ESXi and ESX Patches with Update Manager

You can apply security patches through Update Manager host remediation. To remediate a host in Update Manager, create a fixed baseline that defines the patches you want for remediation or a dynamic baseline that defines the category of patches you want for remediation. Then, remediate your hosts against the baseline.