Upgrading vSphere Web Client due to Fix Security Issue CVE-2015-2342 5.5u3b

These are the steps I took to apply this fix:

First thing I did is I took a Veeam backup of the VM, then I copied over the files as downloaded from:

Additional patch for security issue CVE-2015-2342 for vCenter Server 5.x on Windows (2144428)

I did a md5 check

Opened Command Prompt as administrator, and navigated to the folder where I had extracted the script and ran:

cscript JMXScript5.<x>.vbs "<location_of_wrapper.conf_file>"

cscript JMXScript5.5.vbs "C:\Program Files\VMware\Infrastructure\vShereWebClient\server\bin\service\conf\wrapper.conf"

Since I was running 5.5u3b, I already had a partial fix so it was just a matter of running the script to fully patch it. The script stops the web service, does it business and restarts the web service again. This takes about a minute or so.

The script outputs a log file to the same folder as the actual script:

cve-2015-2342_patch1

I then logged into the web client and confirmed it was all working as it should. If you do the same, you will see this at the command line:

cve-2015-2342_patch2

I then did exactly the same thing at my DR site too.

Important: Check for the Finish script execution message in the jmxscript.log file to confirm the execution of the script. Location of the log file is same as the folder from where the script is executed.

Be the first to comment

Leave a Reply