VENOM vulnerability image

There’s a new vulnerability creating a buzz in the IT industry – particularly with respect to virtual servers. It’s called the Virtualized Environment Neglected Operations Manipulation, but you probably know it as VENOM. This vulnerability is exposing sensitive data and compromising shared computing resources by exploiting the weaknesses in the virtual floppy drive code used in some virtualization platforms. That means that connectivity and privacy are both at risk!

How VENOM Works

VENOM starts by infecting a single container, or virtual machine. The breach then spreads across an entire hypervisor, moving to other VMs on the server. At this stage, the contamination also creeps into the host network, which enables the vulnerability to access more data across the system. Before you know it, the entire network is compromised.

Who Is at Risk?

The VENOM vulnerability is found in the hypervisor’s code itself, so no operating systems are totally safe from the threat. The VENOM injection would, however, require admin or root privileges on the server to impact it. VENOM is found in QEMU’s Floppy Disk Controller, which is found in several notable hypervisors – including KVM, Xen and VirtualBox. Patches are available for several hosting providers and operating systems, including Red Hat, Ubuntu and Debian.

Does This Affect URPad?

URPad.net has not experienced any signs of VENOM. Our virtual machines are powered by OpenVZ, which has yet to report any cases of being compromised. We are, however, watching this issue very closely to be sure no infections are able to reach our users. If you have any additional questions about the integrity of our network, or how we can help protect your data, use the LiveChat feature on our website or call us directly to speak with one of our Systems Experts about the safety of your server.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>