The latest significant IT security threat, VENOM, i.e. Virtual Environment Neglected Operations Management was first discovered by CrowdStrike and affects all virtual machines which are running in a Linux Zen or KVM environment with a virtual QEMU floppy disk installed. However, even people who are not using or have disabled their QEMU floppy drive are still vulnerable to the virus. In fact as CrowdStrike asserts, although the floppy drive can be disabled on QEMU and Zen systems, “an unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers”.
Although floppy drives have not been included with computers in years, QEMU has had a virtual floppy disk controller since 2002 to emulate a PC as realistically as possible. The VENOM vulnerability works by letting an attacker in a virtualized or cloud environment escape its virtual machine guest and “obtain code-execution to the host”. Moreover, VENOM has the potential to open up access to the host and all other virtual machines that are connected to the network and system. This could in turn lead to unauthorized access to corporate intellectual property and personally identifiable information stored on other virtual machines. Nonetheless, VENOM is fairly difficult to exploit, since it requires that an attacker or malware have guest administrative or root permissions to gain access to your virtual machine.
The good news is that so far, there have been no known exploits found for the VENOM vulnerability, unlike the Heartbleed virus, which had numerous exploits. In addition, there has already been a patch created, which you can download from the CrowdStrike website. Also, due to the already widespread publicity of the VENOM vulnerability, it will likely only affect a small amount of Linux virtual machines who have installed QEMU. Whereas the Heartbleed vulnerability was found after it had already been exploited and used for a number of years on the popular OpenSSL cryptographic software library.
What happens if a hacker does get into your system? IPR offers many solutions to protect your company’s most precious data. Call us for a consultation today! at 877.282.4873.