Using Virtual Machines? Beware of VENOM

Arpan Sinha, Cyber Security

What is VENOM?

VENOM is a security vulnerability in the virtual floppy drive controller code used by several virtualization platforms. The name is a backronym for Virtualized Environment Neglected Operations Manipulation: a neglected part of the virtual machine, the virtual floppy drive code, can be manipulated from inside the guest so that the guest breaks out of its isolation and affects the host machine.

A Virtual Machine (VM) is a guest that runs on a physical host computer. The guest knows nothing about the host or about other guest machines; it sees itself as a complete computer, although it only has a virtual presence. A VM can run many different operating systems and applications, separated from the host by a software layer called the “hypervisor”, so what happens inside the guest normally does not affect the physical computer’s operating system or applications. Virtualization is commonly used for sharing servers, running software that does not run on the host, investigating suspicious programs, and so on.

How does a hacker benefit from this vulnerability?

The VENOM vulnerability allows an attacker to step out of the bounds of a VM guest and potentially gain access to the host, where they can execute arbitrary code and could gain access to the local network and to adjacent guest systems.

According to CrowdStrike, the people who discovered this vulnerability, “Abuse of this vulnerability can open access to Intellectual Property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting thousands of organisations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy.”

This means VENOM can affect you even if you are not using a VM yourself: it is enough that a service you rely on uses VMs to allocate servers or store your data. You must be wondering what to do now? Well, there is nothing we can do except take precautions. Follow these steps to reduce the risk to some extent:

  • Regularly update your Virtual Machine software, especially if it is based on QEMU (Quick Emulator). Xen, KVM and VirtualBox are examples of platforms that use QEMU’s device emulation code. Vendors have released patches for this flaw; install them.
  • Ask your cloud service providers to patch their software regularly.
  • Keep looking for updates on the VENOM vulnerability.
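One caveat a host administrator should know when applying the first step: installing a patched QEMU package only replaces the binary on disk, and every guest that was already running keeps executing the old, unpatched code until it is restarted or migrated. The script below, an added example that is not part of the original post, finds such guests on a Linux host by checking whether each QEMU process still maps a binary that has since been replaced (Linux marks these with “(deleted)” in /proc/<pid>/exe); the process names qemu-system-* and qemu-kvm are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). After a QEMU/KVM update on a
# Linux host, guests that were started before the update still run the old
# binary. The kernel marks such processes: their /proc/<pid>/exe link ends
# in "(deleted)" because the package manager replaced the file on disk.

# Return 0 if process $1 runs a binary that has been replaced or removed
# on disk since it started, 1 otherwise (including when $1 is not readable).
exe_is_stale() {
    pid="$1"
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || return 1
    case "$exe" in
        *"(deleted)") return 0 ;;
        *)            return 1 ;;
    esac
}

# Print the PIDs of running QEMU emulators. Process names are an assumption:
# /proc/<pid>/comm is truncated to 15 characters, so "qemu-system-x86_64"
# appears as "qemu-system-x86", which the first pattern still matches.
qemu_pids() {
    for p in /proc/[0-9]*; do
        pid=${p#/proc/}
        name=$(cat "$p/comm" 2>/dev/null) || continue
        case "$name" in
            qemu-system*|qemu-kvm) echo "$pid" ;;
        esac
    done
}

# Report every guest process still running pre-update code.
# Returns 0 when no stale guest is found, 1 when at least one needs a restart.
report_stale_guests() {
    status=0
    for pid in $(qemu_pids); do
        if exe_is_stale "$pid"; then
            echo "PID $pid still runs a pre-update QEMU binary: restart or migrate this guest"
            status=1
        fi
    done
    return $status
}

report_stale_guests
```

Run it as root after every hypervisor update; a clean run means all guests are already on the patched binary.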

And keep using Virtual Machines if you’re using them now. They’re too useful to abandon.

image source: http://venom.crowdstrike.com/