A Complete Guide to Easy VMware Patch Management

Patch management is the process of distributing and applying updates to software, crucial for security, compliance, and system uptime. Mondoo offers a solution to identify missing patches and facilitate their deployment across your infrastructure, ensuring a robust security posture.

What is patch management?

Patch management is the process of distributing and applying updates to software, such as operating systems (OS), platforms, and applications. It involves identifying outdated software within your infrastructure, applying patches to that software, and validating the installation of those patches. These patches are often necessary to fix errors in the software, commonly referred to as vulnerabilities or bugs.

Why is patch management important?

Patch management is important for three main reasons:

  • Security: Patch management fixes vulnerabilities in your software (OS, platform, application) that are susceptible to exploitation. It helps your organization to reduce the risk of cyberattacks.
  • Compliance: Organizations are often required by regulators to follow strict guidelines because of the constant increase in cyberattacks. Patch management is a necessary part of complying with certain standards, such as PCI-DSS, HIPAA, SOC2, ISO27001, or BSI.
  • System uptime: Patch management ensures your software is kept up-to-date and running smoothly without errors causing system downtime.

Finding missing patches with Mondoo

As a part of its full-stack security solution, Mondoo identifies what important patches are missing from your systems. For this blog post, I set up some Vagrant Linux machines with out-of-date operating systems. I’ll use them to walk through some different ways that Mondoo shows you the patches needed.

Prerequisite: Please create a free account on console.mondoo.com.

Find missing patches using Mondoo Client

Install and register Mondoo Client on Linux or Windows systems. Also, you can use the Mondoo VMware appliance. For this blog post, I will use the Mondoo VMware appliance.

1. Follow our documentation to deploy the Mondoo VMware appliance.

2. Register Mondoo Client:

a. Log in to your account at console.mondoo.com.

b. Go to the INTEGRATIONS page, scroll to Cloud Security, and select VMware.

c. Find the Install Mondoo Client box. Copy the CLI commands Mondoo provides and paste them into the shell of the Mondoo VMware appliance.

mondoo@debian:~$ # login to the virtual machine
export MONDOO_REGISTRATION_TOKEN="<registration token copied from the Mondoo console>"
sudo mondoo register -t $MONDOO_REGISTRATION_TOKEN
→ token will expire at Thu, 04 Aug 2022 14:00:46 UTC
→ start managed client registration
→ saving mondoo config path=/etc/opt/mondoo/mondoo.yml
→ config file does not exist, create a new one path=/etc/opt/mondoo/mondoo.yml
→ client //agents.api.mondoo.app/spaces/infallible-brahmagupta-442759/agents/2Ct7sWRmFeamn9ybVS8LuoByZxW is registered successfully

d. Quickly verify that the following policies are enabled for your space:

  • Platform End-of-Life Policy by Mondoo
  • Platform Vulnerability Policy by Mondoo

Your POLICY HUB should look like this:

3. Run the Mondoo scan

a. Scan a single ESXi host:

In the shell of the Mondoo VMware appliance, type:

mondoo scan vsphere root@<esxi ip> --ask-pass --discover host-machines

Mondoo Client connects to Mondoo Platform and downloads the enabled policies. After the scan, Mondoo Client reports results back to Mondoo Platform.

mondoo@debian:~$ mondoo scan vsphere root@192.168.5.21 --ask-pass --discover host-machines
Enter password:   
→ Mondoo 6.9.0+7514 (Space: "//captain.api.mondoo.app/spaces/infallible-brahmagupta-442759", Service Account: "2CtUXNVs80izzkbjcr7crgqXKlL", Managed Client: "2Ct7sWRmFeamn9ybVS8LuoByZxW")
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source --config
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=2
→ establish connection to asset 192.168.5.21 (VMware ESXi) (api)

███████████████████████████████████████████████████████████████████████████ 100% 192.168.5.21 (VMware ESXi)

→ send all results asset="192.168.5.21 (VMware ESXi)"
→ establish connection to asset localhost.localdomain (baremetal)

███████████████████████████████████████████████████████████████████████████ 100% localhost.localdomain

→ send all results asset=localhost.localdomain
→ scan took 4.568075867s

Data queries:
platform.eol.date: 2025-04-02 00:00:00 +0000 UTC
mondoo.jobEnvironment: {
 id: "client.mondoo.com"
 name: "Mondoo Client"
}
mondoo.version: "6.9.0+7514"
platform.vulnerabilityReport: {
 platform: {
   build: "19035710"
   name: "vmware-vsphere"
   release: "7.0.3"
   title: "VMware ESXi 7.0.3 build-19035710, vSphere"
 }
 published: "2022-08-05T10:39:24Z"
 stats: {
   advisories: {}
... 5 more lines ...
vsphere.about[fullName]: "VMware ESXi 7.0.3 build-19035710"
platform.release: "7.0.3"
vsphere.about[osType]: "vmnix-x86"
platform.title: "VMware ESXi 7.0.3 build-19035710, vSphere"
platform.arch: ""

Controls:
✓ Pass:  Ensure the platform is not End-of-Life
✓ Pass:  Ensure no known platform CVEs exist
✓ Pass:  Ensure no known platform advisories exist
✓ Pass:  Platform is not end-of-life

Data queries:
esxi.host.properties[summary][config][product][osType]: "vmnix-x86"
platform.title: "VMware ESXi, vSphere Host"
platform.eol.date: 2025-04-02 00:00:00 +0000 UTC
platform.vulnerabilityReport: {
 advisories: [
   0: {
     ID: "VMSA-2022-0004"
     Mrn: "//vadvisor.api.mondoo.app/advisories/VMSA-2022-0004"
     cves: [
       0: {
         ID: "CVE-2021-22042"
         Mrn: "//vadvisor.api.mondoo.app/cves/CVE-2021-22042"
         cvss: [
... 326 more lines ...
esxi.host.properties[hardware][systemInfo][uuid]: "fe664d56-f513-9098-0e12-4e5ffce68410"
platform.arch: ""
esxi.host.properties[hardware][biosInfo][biosVersion]: "VMW71.00V.18452719.B64.2108091906"
esxi.host.properties[summary][config][product][fullName]: "VMware ESXi 7.0.3 build-19035710"
mondoo.jobEnvironment: {
 id: "client.mondoo.com"
 name: "Mondoo Client"
}
mondoo.version: "6.9.0+7514"
platform.release: "7.0.3"
esxi.host.name: "localhost.localdomain"

Controls:
✕ Fail:  Ensure no known platform advisories exist
✓ Pass:  Ensure the platform is not End-of-Life
✕ Fail:  Ensure no known platform CVEs exist
✓ Pass:  Platform is not end-of-life


Vulnerabilities:
■ No advisories found (passed)                                                                                                          

Overall CVSS score: 0.0
                                                                                                                                       
                                                                                                                                       
Summary                                                                                                                                 
========================                                                                                                                
                                                                                                                                       
Target:     192.168.5.21 (VMware ESXi)                                                                                                  
Score:      A   100/100     (100% completed)                                                                                            
✓ Passed:   ███████████████ 100% (4)                                                                                                    
✕ Failed:   0% (0)                                                                                                                      
! Errors:   0% (0)                                                                                                                      
» Skipped:  0% (0)                                                                                                                      
                                                                                                                                       
Policies:
.  ..  Platform Overview Information by Mondoo
A 100  Platform End-of-Life Policy by Mondoo
A 100  Platform Vulnerability Policy by Mondoo                                                                                          
                                                                                                                                       
Report URL: https://console.mondoo.com/space/fleet/2CvvR5ddjYP4pPWu1BbuPCy0vYW?spaceId=infallible-brahmagupta-442759
Vulnerabilities:
 ■  SCORE  ADVISORY        CURRENT         FIXED         PATCH                                                                         
 ■  2.1    VMSA-2022-0016  7.0.3/19035710  7.0/19898904  ESXi70U3e-19898904 + KB88632   
 ■  5.6    VMSA-2022-0020  7.0.3/19035710  7.0/20036589  ESXi70U3sf-20036586            
 ■  6      VMSA-2022-0004  7.0.3/19035710  7.0/19193900  ESXi70U3c-19193900             
 ■  6.9    VMSA-2022-0001  7.0.3/19035710  7.0/19193900  ESXi70U3c-19193900             

Overall CVSS score: 6.9
                                                                                                                                       
                                                                                                                                       
Summary                                                                                                                                 
========================                                                                                                                
                                                                                                                                       
Target:     localhost.localdomain                                                                                                       
Score:      B    65/100     (100% completed)                                                                                            
✓ Passed:   ████████ 50% (2)                                                                                                            
✕ Failed:   ████████ 50% (2)                                                                                                            
! Errors:   0% (0)                                                                                                                      
» Skipped:  0% (0)                                                                                                                      
                                                                                                                                       
Policies:
.  ..  Platform Overview Information by Mondoo
C  31  Platform Vulnerability Policy by Mondoo
A 100  Platform End-of-Life Policy by Mondoo                                                                                            
                                                                                                                                       
Report URL: https://console.mondoo.com/space/fleet/2CvvR8OoxCLSncUlFrWHOkKulkQ?spaceId=infallible-brahmagupta-442759

b. Scan a complete VMware cluster:

In the shell of your Mondoo VMware appliance, type:

mondoo scan vsphere <user>@vsphere.local@<vcenter ip> --ask-pass --discover host-machines

Mondoo Client connects to Mondoo Platform and downloads the enabled policies. After the scan, Mondoo Client reports results back to Mondoo Platform.


On the Mondoo Space OVERVIEW page, you can see the VMware cluster and the top vulnerabilities within the Space:

Select FLEET and then select the Windows asset to see the Mondoo Asset OVERVIEW page of an ESXi system.

Select Platform Vulnerabilities to see the Advisories and CVEs that affect the system. Mondoo shows:

  • An overview of the advisories and CVEs
  • How critical the vulnerability is

If you select POLICY HUB, Platform Vulnerability Policy by Mondoo, and Advisories, you see an overview of all advisories within the VMware Space. For each advisory, Mondoo shows:

  • When it was found
  • How many assets have it
  • The fix status

You can continuously scan your VMware cluster: Follow the instructions in our documentation.
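
The Vulnerabilities table that the CLI scan prints (SCORE, ADVISORY, CURRENT, FIXED, PATCH) can be post-processed into a patch decision. The script below is an added example, not Mondoo code: the function names are hypothetical, the input is a constructed copy of the tables shown in the scan output above, and it assumes builds are compared within one ESXi release line and that patch releases are cumulative.

```bash
#!/usr/bin/env bash
# Added example, not Mondoo code: derive a patch decision from the
# "Vulnerabilities:" table that `mondoo scan vsphere` prints.

# Constructed sample input, copied from the two tables in the scan output above.
sample_scan_output() {
cat <<'EOF'
Vulnerabilities:
■ No advisories found (passed)

Vulnerabilities:
 ■  SCORE  ADVISORY        CURRENT         FIXED         PATCH
 ■  2.1    VMSA-2022-0016  7.0.3/19035710  7.0/19898904  ESXi70U3e-19898904 + KB88632
 ■  5.6    VMSA-2022-0020  7.0.3/19035710  7.0/20036589  ESXi70U3sf-20036586
 ■  6      VMSA-2022-0004  7.0.3/19035710  7.0/19193900  ESXi70U3c-19193900
 ■  6.9    VMSA-2022-0001  7.0.3/19035710  7.0/19193900  ESXi70U3c-19193900

Overall CVSS score: 6.9
EOF
}

# Print "score<TAB>advisory<TAB>fixed build<TAB>patch" for every advisory whose
# fix is not yet installed, highest score first. Rows are recognised by the
# VMSA id in column 3, so headers and the "No advisories" line are skipped.
open_advisories() {
  awk '
    $3 ~ /^VMSA-[0-9]+-[0-9]+$/ {
      split($4, cur, "/"); split($5, fix, "/")
      if (cur[2] + 0 >= fix[2] + 0) next   # installed build already has the fix
      patch = $6
      for (i = 7; i <= NF; i++) patch = patch " " $i
      printf "%s\t%s\t%s\t%s\n", $2, $3, fix[2], patch
    }' | LC_ALL=C sort -rn
}

# Highest fixed build among the open advisories. Assumption: builds are
# compared within one ESXi release line and patch releases are cumulative,
# so reaching this build closes every row in the table.
target_build() {
  open_advisories | awk -F '\t' '$3 + 0 > max + 0 { max = $3 } END { if (max) print max }'
}

# Succeeds (exit 0) when any open advisory scores at or above the threshold,
# so a cron job or pipeline can alert on it.
exceeds_threshold() {
  open_advisories | awk -F '\t' -v t="$1" '$1 + 0 >= t + 0 { hit = 1 } END { exit !hit }'
}

sample_scan_output | open_advisories
echo "target build: $(sample_scan_output | target_build)"
if sample_scan_output | exceeds_threshold 6.0; then
  echo "advisories at or above 6.0 are open"
fi
```

To use it on a real host, save the scan output to a file and pipe that file into the functions instead of `sample_scan_output`.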

Don’t stop at scanning the machines I set up for this exercise! You can follow the same steps to scan your own infrastructure. Mondoo’s full-stack security solution identifies vulnerabilities and provides steps to fix the problems. Keep scanning and discover how you can harden your systems. If you have questions, we’d love to help.

Patrick Münch

Chief Information Security Officer (CISO) at Mondoo, Patrick is highly skilled at protecting and hacking every system he gets his hands on. He built a successful penetration testing and incident response team at SVA GmbH, their goal to increase the security level of companies and limit the impact of ransomware attacks. Now, as part of the Mondoo team, Patrick can help protect far more organizations from cybersecurity threats.
