The VENOM “virtual machine escape” bug – what you need to know
Here’s what you need to know about VENOM, the latest security vulnerability to be given a marketing-friendly name.
If you’re using any virtual machines, read this to set your mind at rest…
Very Venomous Vulnerability
The latest vulnerability making waves in the security space is Virtualized Environment Neglected Operations Manipulation, or VENOM. Discovered by CrowdStrike, the “critical” vulnerability has drawn many comparisons to the notorious Heartbleed vulnerability for its wide reach.
Here are six things you need to know about this potential danger.
It Affects Virtual Machines
VENOM lies in the virtual floppy disk controller (FDC) that is included in QEMU, a generic open source processor emulator and virtualizer. QEMU lets operating systems and applications written for one platform run on another. According to the QEMU open source project, QEMU offers “very good performance” through dynamic translation, and “near native performance” when running virtual machines.
QEMU is used by the Xen and KVM hypervisors on Linux.
How VENOM Works
VENOM lets an attacker who controls a guest virtual machine in a virtualized or cloud environment escape that guest and “obtain code-execution access to the host,” according to CrowdStrike. From there, the attacker could reach the host system and every other virtual machine on it, and potentially the host’s network and other systems beyond it.
That, according to CrowdStrike, could lead to unauthorized access to corporate intellectual property and personally identifiable information stored in other virtual machines.
Wait … Floppy Disks?
Although floppy disk drives haven’t shipped with new PCs for years, and floppy disk use is limited to very old machines and certain legacy equipment, QEMU has included a virtual floppy disk controller since 2004 as part of an effort to emulate as much of a PC system as possible.
CrowdStrike said that administrators in Xen and QEMU environments can disable the virtual floppy drive, but an unrelated bug “causes the vulnerable FDC code to remain active and exploitable by attackers.”
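The practical consequence of that last point is that an inventory of which guests have a floppy drive configured is not a list of which hosts are safe: every host running the affected QEMU code needs the patch, whether or not any guest uses a floppy. The following added example (not code from the original post, QEMU or libvirt) parses constructed libvirt domain XML, reports which guests define floppy devices, and flags the host as needing the FDC fix whenever any guest runs on QEMU, KVM or Xen. The guest names, image paths and the `triage` helper are illustrative.

```python
"""Inventory libvirt guests for floppy devices and decide whether the host
needs the QEMU FDC patch.  Added example; not from the original post or from
QEMU/libvirt.  The domain XML below is constructed sample data."""
import xml.etree.ElementTree as ET

# Constructed libvirt domain definitions for two guests on one host.
DOMAIN_XML = {
    "guest-with-floppy": """<domain type='kvm'>
  <name>guest-with-floppy</name>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/guest1.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='floppy'>
      <source file='/var/lib/libvirt/images/boot.img'/>
      <target dev='fda' bus='fdc'/>
    </disk>
  </devices>
</domain>""",
    "guest-no-floppy": """<domain type='kvm'>
  <name>guest-no-floppy</name>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/guest2.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>""",
}


def floppy_devices(domain_xml):
    """Return the target names (e.g. 'fda') of floppy devices in a domain.

    libvirt marks a floppy either with device='floppy' on the <disk> element
    or with bus='fdc' on its <target>; accept either spelling.
    """
    root = ET.fromstring(domain_xml)
    found = []
    for disk in root.iter("disk"):
        target = disk.find("target")
        on_fdc_bus = target is not None and target.get("bus") == "fdc"
        if disk.get("device") == "floppy" or on_fdc_bus:
            found.append(target.get("dev") if target is not None else "?")
    return found


def uses_qemu(domain_xml):
    """True when the guest is backed by QEMU (directly, via KVM, or via Xen)."""
    root = ET.fromstring(domain_xml)
    emulator = root.findtext("devices/emulator") or ""
    return root.get("type") in ("kvm", "xen", "qemu") or "qemu" in emulator


def triage(domains):
    """Classify guests by floppy presence and decide whether the host needs patching.

    A guest without a floppy device is still reported, and the host is still
    flagged, because the vulnerable FDC code stays present regardless.
    """
    report = {"with_floppy": {}, "without_floppy": [], "host_patch_required": False}
    for name, xml in domains.items():
        fds = floppy_devices(xml)
        if fds:
            report["with_floppy"][name] = fds
        else:
            report["without_floppy"].append(name)
        if uses_qemu(xml):
            report["host_patch_required"] = True
    return report


if __name__ == "__main__":
    result = triage(DOMAIN_XML)
    print("guests with floppy devices:", result["with_floppy"])
    print("guests without floppy devices:", result["without_floppy"])
    print("host patch required:", result["host_patch_required"])
```

Run against real hosts by feeding it the output of `virsh dumpxml` for each guest; the `with_floppy` list is useful for follow-up clean-up, but `host_patch_required` is the field that should drive the patch schedule.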
Are your systems optimized for maximum speed and performance? (I can tell you, 99% of the computer networks we review are NOT.)
Call Group 4 Networks, your Toronto IT support provider, to help you with all your IT needs.