VMware CEO apologizes for faulty patch

Originally posted Aug. 12 at 4:24 p.m. and updated Aug. 13 at
2:25 p.m.


Aug. 12 was a blow-out day for some users of VMware's ESX 3.5
and ESXi 3.5 virtualization products, especially if they had
applied the latest product updates called "Update 2."


The company issued an initialknowledge base article (KB 1006716) yesterday about the
problem, which causes licenses to expire on the patched machines,
along with other associated difficulties. VMware plans to provide
additional information on the matter by revising its KB 1006716
bulletin in the future, according to the company's VMTN blog.


VMware's CEO, Paul Maritz, released a letter yesterday, apologizing to
customers and explaining the problem.


"When the time clock in a server running ESX 3.5 or ESXi 3.5
Update 2 hits 12:00AM on August 12th, 2008, the released code
causes the product license to expire," Maritz wrote.'"The
problem has also occurred with a recent patch to ESX 3.5 or ESXi
3.5 Update 2."


Users of those products that applied Update 2 will see a number
of problems with their virtual machines, including power off/on
problems, machines stuck in suspend mode and an inability to
migrate using VMotion.


VMotion is the function that lets users move their virtual
machines from one physical server to another.


VMware has issued twoexpress patches (one for ESX 3.5 and the other for ESXi
3.5) for those who applied the updates. Those who haven't applied
the ESX 3.5 Update 2 patch should refrain from doing so if they
downloaded it before August 12, 2008, according to KB 1006716.


The company plans to issue a full replacement for Update 2 in
the next day or so, according to Maritz. He added that this Update
2 replacement "should be used by customers who want to perform
fresh installs of ESX or ESXi."


Maritz explained the VMware failed to disable some code in the
final release of Update 2 for both products and that the company's
quality assurance process failed to catch it. He said that the
company is engaged in a "self-examination" process to avoid such
problems in the future.


A VMware security blog said that the
update problem is not related to an ESX security exploit issue.
It's a license time out problem, so it doesn't mean that systems
running ESX were compromised by an attack.


It's not clear how extensive the damage has been, although
VMware in Australia, which reported first on the problem because of
time zone progression, apparently knew of few incidents, according
to one report.



About the Author

Kurt Mackie is the online news editor for the 1105 Enterprise Computing Group sites, including Redmondmag.com, RCPmag.com and MCPmag.com.

inside gcn

  • automated security (Oskari Porkka/Shutterstock.com)

    How to create a secure cyber environment

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group