Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Another Security Risk for the Cloud

May 19, 2015

Virtualization is a great technology and is used by the majority of cloud providers. It consolidates computing resources to save space and energy and to maximize utilization. A security flaw was recently discovered that impacts millions of virtual machines in datacenters. The bug is called “Venom” (Virtualized Environment Neglected Operations Manipulation) and has existed since 2004. The vulnerability allows someone to gain access to the hypervisor, the “heart” of the virtualization platform, which controls the virtual machines. This means that a user with legitimate access to their own VM can compromise the hypervisor and jump over to other VMs that they are not authorized to access.

The vulnerability exists in the open-source emulator QEMU, which is used in modern virtualization platforms such as Xen, KVM and Oracle’s VirtualBox. The good news is that there is a patch available to fix the buggy code. The other good news is that the vulnerability does not exist in VMware, Microsoft Hyper-V and Bochs hypervisors.

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com