Aria Operations USB controller report for Critical Severity VMSA-2024-0006

-

Yesterday VMware released VMSA 2024 0006 that impact all VMs that have configured an USB controller. Matrix response give us two choice: install ESXi patch or apply a workarounds that consist to remove the USB controller from a VMware ESXi virtual machine. If you decide to use the second option I created a report on Aria Operation to determinate which VMs are impacted. 

Below few simple steps to setup the report:

1 - Firs of all you must enable "Disconnected USB controller" properties, in Configure -> Policies -> Policy definitions:


2 - Choose your "Active" policy and click on "edit policy"


3 - Click on "Metrics and Properties"



4 - Search "USB" in virtual machine object type and activate the properties


5 - Create or edit a view adding the "Disconnected USB controller"


6 - Create or edit a report based on the previous view

7 - Filter the column by "false"

Now you have the VMs list affected where you must to remove the USB controller. 

Pay attention: please ensure that the USB controller is not in-use prior to removing it from the virtual machine and this workarounds not fix CVE-2024-22254.

Here some helpful links:
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
https://kb.vmware.com/s/article/87617


Thanks for reading!

Commenti

Posta un commento

Post popolari in questo blog

Aria Operations unable to edit credentials

-
Immagine
  After upgrade Aria Operation from 8.14 to 8.16 one of my customers reporting me that can't manage anymore all credentials. The two options under 3-dots "Edit" and "Delete" was grayed out. I found the solution under the release notes; credentials now require an owner and after assign ownership, are editable once again. Below useful links and detailed snapshot: https://docs.vmware.com/en/VMware-Aria-Operations/8.14/rn/vmware-aria-operations-814-release-notes/index.html https://docs.vmware.com/en/VMware-Aria-Operations/8.14/Configuring-Operations/GUID-0D87C202-6F7D-4A7D-A69D-953AC382E37B.html Thanks for reading!
Continua a leggere

Aria Operations for Logs - Increase datastore alert

-
Immagine
  Here a quick and easy alert configuration in Aria Operations for Logs helpful to know when, how much and who increase a datastore size. In query section insert the two text conditions that contain the key words "user:" and "increased in capacity". Don't forget to put "any" to ensure to match both conditions. Lastly put your email address in "Trigger condition" to notify yourself. Thanks for reading!
Continua a leggere

vSphere - NetWorker SQL backups fail with error: "Unable to find VSS metadata files in directory"

-
Immagine
In this post I want analyze a curious behavior of NetWorker SQL backup in vSphere enviroment: Symptoms An examination of the MSVMAppAgent logs on the SQL server show the following errors: C:\Program Files\DPSAPPS\MSVMAPPAGENT\logs\msvmcatsnap.log 171634:msvmagentcatsnap: ===Command Line Arguments===:  C:\Program Files\DPSAPPS\MSVMAPPAGENT\bin\msvmagentcatsnap.exe -i -Extracted VSS metadata file 'C:\Program Files (x86)\EMC\vProxy FLR Agent\tmp\695ccb0f-b0f3-43a5-942f-e0c83fcafe26\vm-180966-vssManifest.zip' to directory 'C:\Program Files\DPSAPPS\MSVMAPPAGENT\tmp\VSSMetadata.2021-07-30_09-08-58'168886: msvmagentcatsnap: Unable to find VSS metadata files in directory C:\Program Files\DPSAPPS\MSVMAPPAGENT\tmp\VSSMetadata.2021-07-30_09-08-58.102333:msvmagentcatsnap:  Exiting with failure. Cause When VMware takes a snapshot of a Windows VM with the Quiesce option enabled it uses the installed VMware tools to query theMicrosoft Volume Shadow Copy service. Then creates a file ca
Continua a leggere