According to HelpNet Security, “CrowdStrike researchers have recently discovered a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms, which could be exploited by attackers to escape the confines of the virtual machine and to gain code-execution access to the underlying host machine, other VMs running on that host, and potentially to the the host’s local network and neighbouring systems.”
“Exploitation of the VENOM vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy,” they explained.
“The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase,” the researchers shared. If you’re wondering why it is still added to new virtual machines by default, it’s because it’s still occasionally used in a number of situations.
“If you administer a system running Xen, KVM, or the native QEMU client, review and apply the latest patches developed to address this vulnerability,” the researchers advised.
“If you have a vendor service or device using one of the affected hypervisors, contact the vendor’s support team to see if their staff has applied the latest VENOM patches.”