A new vulnerability ‘VENOM’ has been discovered by some the security researchers that can allow hackers to gain full control over the servers.
The vulnerability is worse than the notorious HeartBleed, as it enables the attacker to gain the control, not just on a part of the server, but the entire infrastructure that is running virtual machines.
The modern server concept lies in the fact that several clients can be given their separate space with the help of virtualization. Several operating systems sharing the common resources are made run on the servers with hypervisor or other software that are used for virtualization. Reports suggest that a majority of servers that are involved in the virtualization are affected by this vulnerability.
‘VENOM’ or “Virtualized Environment Neglected Operations Manipulation” can allow the hackers to gain the access to entire hypervisor and network connected devices in that particular data center.
The cause of this vulnerability is the legacy floppy disk controller, which if sent a specially crafted malicious code, can crash the entire hypervisor to leverage the permissions and root access.
However, most of the modern servers do not have such controllers, so does that mean that the server admins need to worry about the vulnerability.
A majority of the server admins do not provide virtualization with floppy disk emulation, which in turn eliminates the risk factor of this vulnerability. However, the admins who have provided their clients with such emulations need to worry and fix the vulnerability as soon as possible. There isn’t any such fix for it right now, but removing the emulation is the best solution so far.
A recent report suggested that VMware, Microsoft Hyper-V, and Bochs hypervisors aren’t affected by this vulnerability, which means a majority of admins can sit back and relax about this issue. The bug has been here since 2004 but was found only a few days ago.