Using Virtual Machines? Beware of VENOM

Arpan Sinha | Cyber Security

VENOM is a security vulnerability in the virtual floppy drive code used by various virtual machine platforms. The name is a backronym for Virtualized Environment Neglected Operations Manipulation: a virtual machine contains some neglected operations, i.e. the virtual floppy drive code, and manipulating them lets the guest literally break out and affect the host machine.

A Virtual Machine (VM) is a guest that runs on a physical host computer. The guest has no clue about the host or the other guest machines. It considers itself an all-inclusive computer, but it actually has only a virtual presence. A VM can run many different operating systems and applications, which are separated from the host by a virtual layer called the “hypervisor” and hence don’t affect the real physical computer’s operating system or applications. Virtualization is generally used for sharing servers, running software that doesn’t run on the host, investigating suspicious programs, etc.

The VENOM vulnerability allows an attacker to step out of the bounds of a VM guest and potentially obtain access to the host, where they can execute any code and could gain access to the local network and adjacent guest systems.

According to CrowdStrike, the people who discovered this vulnerability, “Abuse of this vulnerability can open access to Intellectual Property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting thousands of organisations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy.”

This means that even if you’re not using a VM yourself, you can be affected by the VENOM vulnerability if you use software that runs VMs to allocate servers or store data. You must be wondering what to do now. Well, there’s nothing we can do except take precautions. Follow these steps to avoid the risk to some extent:

  • Regularly update your Virtual Machine software, especially if it’s based on QEMU (Quick Emulator). VirtualBox, Xen and KVM are some examples of QEMU-based Virtual Machines. Various patches are available which guarantee a certain level of security. Install them.
  • Ask your cloud service providers to regularly patch their software.
  • Keep looking for updates on the VENOM vulnerability.

And keep using Virtual Machines if you’re using them now. They’re too useful to abandon.
