Oracle Issues VENOM Security Updates

Oracle has released updates for its products to address the VENOM vulnerability impacting virtual environments.

VENOM was publicly disclosed last week. Its name stands for Virtualized Environment Neglected Operations Manipulation. The bug resides in QEMU’s virtual Floppy Disk Controller, which is used in numerous virtualization platforms including Xen and the native QEMU client. The vulnerability was discovered by a researcher at CrowdStrike, and has existed since 2004.

The bug is agnostic of both the host and guest operating system. In order to exploit it, an attacker – or their malware – would need administrative or root privileges in the guest operating system. While there has been some discussion about comparing its severity to the Heartbleed bug, experts agree the VENOM vulnerability should be patched as soon as possible.

“Oracle has decided to issue this Security Alert based on a number of factors, including the potential impact of a successful exploitation of this vulnerability, the amount of detailed information publicly available about this flaw, and initial reports of exploit code already ‘in the wild’,” blogged Eric Maurice, software security assurance director at Oracle. “Oracle further recommends that customers apply the relevant fixes as soon as they become available.”

According to Oracle, Oracle Linux, Oracle Virtual Compute Appliance, Oracle VM and Oracle VM VirtualBox have updates to address the bug. However, the company also stated that the following products include QEMU but do not yet have updates available: Oracle Database Appliance, Oracle Exadata Database Machine, Oracle Exalogic Elastic Cloud and Oracle Exalytics In-Memory Machine.

“Oracle is investigating and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against this vulnerability,” according to Oracle’s advisory. “The product lists will be updated without additional emails being sent to customers and OTN Security Alerts subscribers. Thus, customers will need to check back for updates.”

Given its potential impact, VENOM can be big if an organization moves too slowly to address the threat, said Kapil Raina, a member of the Cloud Security Alliance’s Virtualization Working Group and head of product marketing at Elastica.

“The fact that it can be patched will limit the damage, but it will require an organization to schedule downtime and update their systems — not always possible immediately in every environment,” said Raina.
