We are upgrading VMware ESXi and vCenter Servers to address CVE-2021-21972, CVE-2021-21973, CVE-2021-21974
We are upgrading VMware ESXi and vCenter Servers to the latest relevant version to address CVE-2021-21972, CVE-2021-21973, CVE-2021-21974
| Sites | All Datacentres (ISL1, ISL2, VEN1, NGD1, NNH1) |
| Date | Saturday, 27th February 2021 to Friday, 5th March 2021 |
| Time | Between 9:00AM and 05:30PM GMT |
| Works | Upgrading VMware ESXi and vCenter Servers |
Following an announcement by VMware of a critical vulnerability found within ESXi and vCenter products which allows for the execution of commands with unrestricted privileges on the underlying operating system, we are carrying out emergency patching to the latest available version applicable to each of our Sites (see “Sites” specified above).
Customer virtual machines should remain unaffected by this maintenance however please note you will not be able to manage your VM’s via the VPC Portal while the upgrade is taking place to vCenter Servers on the following dates:
| ISL1 | Sunday, 28th February 2021 – 10:00 AM to 12:00 PM GMT |
| ISL2 | Saturday, 27th February 2021 – 02:00 PM to 04:00 PM GMT |
| NGD1 | Sunday, 28th February 2021 – 11:00 AM to 01:00 PM GMT |
| NNH1 | Sunday, 28th February 2021 – 12:00 PM to 02:00 PM GMT |
| VEN1 | Sunday, 28th February 2021 – 10:00 AM to 12:00 PM GMT |
All host upgrades are not expected to have an impact on service availability, however, if believe you have been adversely impacted by our upgrades, please reach out to us 24/7 by calling 020 7183 2540.
We will continue to provide updates below as we continue to patch each Site. Please note, due to the urgency of the works, updates may be slightly delayed in relation to when they are completed.
We would like to take this opportunity to re-assure clients that the components affected by this vulnerability are only accessible via our internal networks and not publicly available. This mitigates against external attacks and does mean our platform is highly unlikely to be vulnerable to external threats. Patching is being carried out as a precautionary measure to further mitigate against any attacks.
Updates
Sunday, 07th March2021 – 06:30 PM GMT
Upgrades to all Hosts have been completed which means this vulnerability has now been further mitigated against by means of patching.
Sunday, 28th March2021 – 05:30 PM GMT
Upgrade to all vCenters complete.
Saturday, 27th February 2021 – 02:00 PM GMT
Upgrades to all vCenters and Hosts are starting now.
