New Venom Vulnerability Affects Virtualised Environments

By   ISBuzz Team
Writer , Information Security Buzz | May 21, 2015 05:05 pm PST

CrowdStrike* researchers recently announced the discovery of a new vulnerability in many popular virtual machine platforms.  Dubbed ‘Venom’ the zero-day flaw reportedly affects virtual floppy drive code used by computer virtualisation platforms.  The vulnerability could allow attackers to gain access outside of an affected virtual machine, potentially putting sensitive information at risk.

Chris Oakley, Principal Security Consultant at cyber security consultancy, Nettitude, has made the following comments:

“It is not surprising that the attack vector for Venom lies in older and probably neglected code.  We often see the highest impact attacks resulting from legacy code; the floppy disk controller that yields the Venom vulnerability is no exception.  There are hints of Heartbleed in this regard, where the root cause was in the neglected but heavily relied upon OpenSSL library.  In this case, though, the impact is arguably not as high.

“Via exploitation, an attacker can break out of their guest Operating System to gain full and high privileged access to the host Operating System.  A successful attack would likely result in the compromise of multiple unrelated entities and could be set up simply by purchasing a cheap VPS on an affected cloud providers server.  Unfortunately, even those individuals who have disabled the affected floppy disk controller remain vulnerable.  As always, expedient patching will play a crucial role in defence.  In this case, patching must be performed by the cloud provider at the host level.

“It remains to be seen exactly how widespread an impact this will have, but the prognosis is looking relatively positive.  There is currently no public exploit code available and there is no known example of this vulnerability being exploited in the wild.  Additionally, all of the affected major cloud companies have confirmed that they have patched Venom or are unaffected  by it.  Concerned VPS customers, especially of smaller and budget cloud providers, should contact their provider and seek a status confirmation.”

For more information about venom crowdstrike visit HERE

About Nettitude

NettitudeNettitude provides cyber security, GRC, security architecture, infrastructure and cyber incident response services to organisations across the world. With every engagement we aim to provide tailored and pragmatic consultancy services that are designed to meet the client’s unique challenges. Established in 2003, Nettitude has headquarters in the UK and North America. We are proud to be one of a handful of companies worldwide to hold prestigious accreditations in information security testing and the Payment Card Industry Data Security Standard (PCI DSS).Nettitude operates across North America with offices in New York (NY), Austin (TX) and San Francisco (CA).

About CrowdStrike

CrowdStrikeCrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints reducing overall incident response time.CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.