Venom Bug Puts Vms In Hackers Crosshairs

‘Venom’ Bug Puts VMs in Hackers’ Crosshairs

Arraya Insights | May 21, 2015

There’s a new vulnerability with a scary name in town and it’s causing some in IT to question the security of their virtual machines (VMs). This new bug, which has been dubbed “Venom” (short for “Virtualized Environment Neglected Operations Manipulation”), could allow attackers to roam freely among all of the VMs running on a server.

Specifically, Venom affects the virtual floppy disk controller of the free, open source hypervisor known as Quick Emulator (QEMU). The prevailing idea why the Venom vulnerability went unnoticed until recently is that it was lurking in such a low-traffic area of the hypervisor.

In theory, a Venom-based attack would go like this: Hackers would first need access to a VM with a system’s root privileges. By sending malicious code to the floppy disk controller, hackers could crash the hypervisor. This would allow them to escape their own VM and gain complete access to the other VMs managed by that hypervisor.

The list of potentially-impacted virtualization platforms include: Xen, KVM and Oracle’s VirtualBox. The good news is that VMware, Microsoft Hyper-V and others aren’t affected. Even without those giants in the mix, CrowdStrike’s Jason Geffner (the researcher who first discovered Venom) theorized that millions of VMs are still potentially in attackers’ crosshairs.

As is becoming tradition whenever a new vulnerability grabs everyone’s attention, Venom is being stacked up against Heartbleed, which terrorized OpenSSL security last spring. That bug allowed attackers to tap in to private communications or impersonate users and services to steal sensitive data. How does Venom compare? Well, it’s already being dubbed “bigger than Heartbleed” by some, so that should give you a pretty good idea. The issue with Venom is that it affects systems with a high level of administrative access. This could allow attackers to do significantly more damage.

Patches and advisories have begun rolling out from providers whose products may be affected. If you’re running any of those machines in your own data center and you aren’t set-up for auto-patching, you’ll want to manually apply those updates ASAP to avoid any issues.

Keeping your systems safe

This story serves as a good reminder about the importance of keeping up with patches and updates. Now, no IT team is going to sleep on patching against the biggest and baddest vulnerability in town, but other, less headline-grabbing, updates can sometimes get put on the back burner. If those updates start to pile up, it can leave a system susceptible to an attack.

That’s where having a partner like Arraya can help. Arraya’s Managed Services team can handle anything from routine maintenance and patching to higher-value projects. It’s a way of extending the capabilities and vision of your team without increasing its size.

To find out more about Arraya’s Managed Services, as well as the latest networking/voice, ESM, storage and enterprise solutions, sign up for the 2015 Arraya Tech Summit. This free, day-long event will feature presentations from Arraya’s industry-leading team of experts on the subjects today’s IT pros care about the most. At Arraya we know what we love and we love what we do. We invite you to share our passion at the Tech Summit, which will be held on June 4 at the Sheraton Valley Forge in King of Prussia.

For all of the latest Tech Summit and Arraya updates, be sure to follow us on Twitter @ArrayaSolutions.