The recent discovery of the security vulnerability known as VENOM once again highlights the risks organizations face when it comes to protecting their sensitive information.
What is VEMON?
VENOM, discovered by Jason Geffner of CrowdStrike, an endpoint security provider, can expose access to corporate intellectual property and sensitive and personally identifiable information, “potentially impacting the thousands of organizations and millions of end users that rely on affected (virtual machines) for the allocation of shared computing resources, as well as connectivity, storage, security and privacy,” the security firm says.
Who is Affected by VEMON?
According to security vendor Trend Micro, the flaw affects the open source QEMU virtualization platform, which provides virtualization capabilities similar to VMware or Microsoft’s Hyper-V.
Gartner describes leaders as those who offer services suitable for strategic adoption and have ambitious roadmaps. Leaders also have a track record of successful delivery, significant market share and “many referenceable customers.”
Additionally, less obvious technologies that depend on virtualization are at risk, says Dmitri Alperovitch, co-founder and CTO at CrowdStrike. “For example, security appliances that perform virtual detonation of malware often run these untrusted files with administrative privileges, potentially allowing an adversary to use the VENOM vulnerability to bypass, crash or gain code execution on the very device designed to detect malware,” he says.
The vulnerability exists in the virtual floppy drive code used by many computer virtualization platforms, CrowdStrike says. An attacker may be able to “escape” an affected virtual machine guest and gain code-execution access to the host system. In essence, the vulnerability could potentially give cyber-attackers heightened access to the host’s local network and adjacent systems.
Trend Micro says the vulnerability should be addressed as quickly as possible. “Similar to other open source vulnerabilities, like Heartbleed and Shellshock, obtaining and deploying patches will be a challenge due to the fractured nature of the ecosystem,” the vendor says. “Administrators should be prepared for these difficulties and plan for contingencies to mitigate those risks.”
Cloud services provider Amazon Web Services, which was recently identified by technology research and advisory firm Gartner, Inc. as a “Leader” in its Magic Quadrant for Cloud Infrastructure as a Service for 2015, says it is aware of the QEMU security issue. “There is no risk to AWS customer data or instances,” the company says.
Although the vulnerability isn’t as widespread as other recent bugs, it is the “worst type of vulnerability for virtual machine environments,” Trend Micro says. “Even if you’re not directly affected by this vulnerability, if you run virtual machines in your environment, you should use this new vulnerability as an indication it is time to plan your response and mitigations for the day when a vulnerability just like this will affect your environment.”
ADAPTURE is an IT solutions firm that helps companies and organizations achieve their technology goals. Whether you’re looking to the cloud or upgrading your technology, ADAPTURE works directly with your team to understand where you are and where you want to go with your infrastructure.