A newly discovered security vulnerability dubbed Venom, found in the virtualization platforms put millions of virtual machines under cyber attacks.
Geffner says- the flaw could be exploited by an attacker to compromise any machine in a data center’s network, according to the expert millions of virtual machines are vulnerable to attack.
What is VENOM?VENOM is the acronym for “Virtual Environment Neglected Operations Manipulation,” it is a flow that affects the floppy disk controller driver for QEMU, which is an open-source computed emulator known as a hypervisor that is used for the management of virtual machines.
VENOM is considered a very dangerous and critical security issue as, exploiting the VENOM vulnerability one can get access to corporate intellectual property (IP), and sensitive and personally identifiable information (PII), which will potentially affect thousands of organizations and millions of end user’s connectivity, storage, security, and privacy.
CrowdStrike has already reported the issue to many of the vendors, and some of the following vendors have already released a patch for the vulnerability.
- QEMU: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
- Xen Project: http://xenbits.xen.org/xsa/advisory-133.html
- Red Hat: https://access.redhat.com/articles/1444903
- Citrix: http://support.citrix.com/article/CTX201078