Wednesday, May 13, 2015

VENOM - Perfect Name for a BUG




Good news is that the patch would be available tomorrow
Bad news is that we won't know if it  would be applied immediately by our  cloud vendors


From the Article:

Affected platforms include Xen hypervisors, KVM, Oracle VM VirtualBox and the native QEMU client. Geffner estimates that these machines account for the majority of the virtual machine market, due to their widespread use by cloud computing services, infrastructure as a service providers and appliance vendors.

It's a stealthy back door into corporate networks that is hard to detect with current security technology, he said.

To add insult to injury, even if administrators have disabled the virtual floppy drive code -- because really, who uses floppy drives? -- another, totally unrelated bug, still allows that code to be accessed.



For more details follow the link below:
http://www.csoonline.com/article/2921589/application-security/significant-virtual-machine-vulnerability-has-been-hiding-in-floppy-disk-code-for-11-years.html

No comments:

Post a Comment