VENOM: A Good Excuse to Review Your Vulnerability Response Plan

On Tuesday, researchers from CrowdStrike disclosed a potentially dangerous vulnerability, “Virtualized Environment Neglected Operations Manipulation” (VENOM), which allows attackers to escape a virtual machine and access any virtual environment with completely unfettered access.

This vulnerability exists in the rarely used Floppy Disk Controller (FDC) of numerous virtualization platforms (Xen, KVM, and QEMU) and has been around since 2004 with no known exploits in the wild.

Additionally, CrowdStrike followed the appropriate protocols before publishing their findings, allowing providers that use the impacted virtualization platforms to provide patches. We also have taken the necessary steps to ensure our Security-as-a-Service platform is not impacted by this vulnerability.

As with any vulnerability, make sure your impacted virtualization platforms are patched and up to date. If you are working with a hosting or cloud provider, check with them to ensure they are on top of the situation.

While the impact of VENOM could be disastrous, more than likely, the impact will be very limited. Nevertheless, VENOM does give us the opportunity to make sure our vulnerability response plans are in order.

Patching is just the beginning, though. A response plan has multiple components. Download our Vulnerability Best Practices whitepaper for a simple, six-step plan for effective vulnerability response. [View the webinar here.]

Effective Vulnerability Response

To get the latest on threats and vulnerabilities delivered straight to your inbox, sign up for the Weekly Threat Report.