Zero Day (i.e., Critical) Security Patches for vSphere (7.x and 8.x) Perpetual License Customers with Expired Support Contracts

Article ID: 314603

Updated On:

Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

On April 15, 2024, Broadcom announced via a blog post that all customers, including those with expired support contracts, will have access to all patches for Critical Severity Security Alerts for supported versions of VMware vSphere.

Supported versions of VMware vSphere are versions 7.x and 8.x. Broadcom defines a zero-day security patch as a patch or workaround for Critical Severity Security Alerts with a Common Vulnerability Scoring System (CVSS) score greater than or equal to 9.0. 

The VMware Security Response Center discloses Critical Severity alerts through the VMware Security Advisory (VMSA). Customers can continue to get VMSA notifications through the existing processes, such as subscribing to VMSA notifications. 

Customers can continue to apply patches through existing product patching mechanisms, including the VMware Support Portal, and after May 6, 2024, by registering or using their existing registration for support.broadcom.com.

Customers should bookmark and follow the VMware Security Response Center (vSRC), which maintains a program to identify, respond to, and address vulnerabilities. Visit the vSRC at https://www.vmware.com/security/advisories.html


Environment

VMware vSphere ESXi 7.0
VMware vSphere ESXi 8.0
VMware vCenter Server 7.0.0
VMware vCenter Server 8.0
VMware vSphere 7.0.x

Additional Information

The intent of this article is to help customers that are using VMware vSphere (7.x and 8.x) address the most critical security vulnerabilities. Broadcom will provide all perpetual license customers, including those that have expired support contracts, with access to zero-day security patches, which are defined by Broadcom as patches for Critical Severity Security Alerts with a Common Vulnerability Scoring System (CVSS) score greater than or equal to 9.0. VMware Security Advisories are published on the web here: https://www.vmware.com/security/advisories.html