CrowdStrike* researchers recently announced the discovery of a new vulnerability in many popular virtual machine platforms. Dubbed ‘Venom’ the zero-day flaw reportedly affects virtual floppy drive code used by computer virtualisation platforms. The vulnerability could allow attackers to gain access outside of an affected virtual machine, potentially putting sensitive information at risk.
Chris Oakley, Principal Security Consultant at cyber security consultancy, Nettitude, has made the following comments:
“It is not surprising that the attack vector for Venom lies in older and probably neglected code. We often see the highest impact attacks resulting from legacy code; the floppy disk controller that yields the Venom vulnerability is no exception. There are hints of Heartbleed in this regard, where the root cause was in the neglected but heavily relied upon OpenSSL library. In this case, though, the impact is arguably not as high.
“Via exploitation, an attacker can break out of their guest Operating System to gain full and high privileged access to the host Operating System. A successful attack would likely result in the compromise of multiple unrelated entities and could be set up simply by purchasing a cheap VPS on an affected cloud providers server. Unfortunately, even those individuals who have disabled the affected floppy disk controller remain vulnerable. As always, expedient patching will play a crucial role in defence. In this case, patching must be performed by the cloud provider at the host level.
“It remains to be seen exactly how widespread an impact this will have, but the prognosis is looking relatively positive. There is currently no public exploit code available and there is no known example of this vulnerability being exploited in the wild. Additionally, all of the affected major cloud companies have confirmed that they have patched Venom or are unaffected by it. Concerned VPS customers, especially of smaller and budget cloud providers, should contact their provider and seek a status confirmation.”
For more information about venom crowdstrike visit HERE
About Nettitude
About CrowdStrike
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.