For most organizations running production workloads, the recommended path forward is vSphere Lifecycle Manager (vLCM) with the HPE Customization add-on. This approach delivers automated, desired-state management that eliminates much of the complexity and risk associated with manual patching. For those running HPE Synergy environments, be aware of the deprecation of Synergy-specific custom images beginning with SSP 2026.01.01, and plan to transition to the VMware base image combined with HPE SSP components.
This is the enterprise method. You need PowerCLI installed.
: Each custom image version maps directly to an HPE Service Pack for ProLiant (SPP), taking the guesswork out of lining up your firmware and software driver versions. 🛠️ The Patching Workflow: HPE Image + VMware Updates VMware ESXi Images for HPE Servers | HPE EUROPE hpe custom image for esxi patched
When a zero-day exploit emerges, waiting for an official OEM rebuild is not an option.
If you simply run esxcli software profile update against a VMware stock profile, you risk rolling back critical HPE drivers. The solution? This is the enterprise method
Starting with ESXi 7.0 U3, HPE shifted from using a "OEM-build VIB" identifier to using to identify these patched versions.
By 03:30 UTC, all five hosts in the cluster were patched. The USB arbitrator vulnerability was closed. Sasha checked the critical metrics: 🛠️ The Patching Workflow: HPE Image + VMware
Run the following command to apply the base VMware patch while preserving or updating drivers:
# Put host in maintenance mode esxcli system maintenanceMode set --enable true
If you aren't using vCenter, you can apply patches directly to an existing HPE installation without breaking the custom drivers.
: Ensures compliance with HPE’s hardware support matrices. How to Find and Download Patched HPE Custom Images