Venom – which sounds more like a bad Marvel villain than anything technical*– is a new vulnerability that’s been found in virtualisation tech. Some are calling it one of the biggest vulnerabilities found this year, so if you’re wondering what the heck it is, whether it affects you and what the devil it has to do with snakes, read on!
What is it?
Venom (Virtualized Environment Neglected Operations Manipulation) is a vulnerability in QEMU’s virtual Floppy Disk Controller (FDC) – yes, those little plastic squares still exist, they’re just stored on virtual machines rather than your living room floor now!
It doesn’t discriminate against operating systems – any could be vulnerable – and the affected virtualisation platforms include Xen, KVM, and Oracle’s VirtualBox; so if you use any of these make sure you’re protected by updating your system and applying any patches.
However, it’s been stated across all current information on this bug that VMware, Microsoft Hyper-V, and Bochs hypervisors are not affected – the first two are the main platforms that UKFast use.
The bad news
In theory, an attacker exploiting Venom can compromise multiple systems and take over large parts of a data centre from within: by breaking into one virtual machine they could jump out of it and into the other machines around it.
“Heartbleed lets an adversary look through the window of a house and gather information based on what they see,” said CrowdStrike’s Jason Geffner, the researcher who found the bug. “Venom allows a person to break in to a house, but also every other house in the neighborhood as well.”
The better news
Well, firstly you need admin/root privileges to carry out an attack using this – so the attackers would have to find a way to get into the system first – and there haven’t been any exploits seen in the wild (yet).
Second, it only affects certain software and, in many cases, these will already have been patched.
**UKFast Customers please read**
Even better news – you are not affected as we disable legacy floppy disks on our servers as default; OpenStack is the only mainstream virtualisation tech we use out of the list, but we patched it yesterday.
It also doesn’t affect our eCloud, so if you’re a Public or Private eCloud customer you’re grand.
However, for any UKFast clients running their own virtual solution or virtual testing platforms on virtualisation technologies other than UKFast’s VMware or Hyper-V hypervisors, you may want to give your solution a once-over to ensure it’s patched.
If you’re at all concerned give your account manager a call!
*Talking of which, it’s superhero day tomorrow!