Another month, another mega-vulnerability. If you haven’t already heard about the VENOM vulnerability, you will. It’s being compared to Heartbleed and could have widespread security implications for cloud service providers. It’s certainly the largest vulnerability discovered so far this year.
Most cloud providers use virtualization technology to “share” a single server’s hardware among many operating systems that host customer data. The VENOM (Virtualized Environment Neglected Operations Manipulation) vulnerability could allow a hacker to break out of a single virtual machine and take control of the underlying hypervisor, which controls all of the virtual machines. This is bad. Any data passed through a network compromised by the VENOM vulnerability is at risk, including logins, passwords, bank accounts and other highly sensitive information.
The vulnerability accomplishes this through a bug in the virtual Floppy Disk Controller used by XEN, KVM and the native QEMU client software, which are found in many virtualization platforms and appliances.
Is Core Technologies affected?
There is no risk to the data of Ascend Technologies’ customers; Core Technologies’ services are not susceptible to the VENOM vulnerability.
What should you do?
If you’re using other cloud-based services outside of Core Technologies, we encourage you to check with those providers to see if they are affected and have patches available. Check their blog posts, Twitter or other public statements. If they aren’t saying anything (not a good sign), then ask them. Send an email to their support team or sales team.
Want to find out more?
Our support team is happy to answer any questions you may have about this vulnerability. Give us a call at (770) 788-8089.