On Wednesday, May 13, 2015, Crowdstrike researchers disclosed a zero-day vulnerability affecting a variety of virtualization platforms and cloud services. Dubbed VENOM, it allows an attacker who already controls code inside a guest to break out of the virtual machine (VM), execute code on the host machine, and from there reach any other VMs running on that host. More information can be found on Crowdstrike’s VENOM website.
What is VENOM?
VENOM (CVE-2015-3456) is a security vulnerability in the virtual floppy disk controller (FDC) code that QEMU provides and that many virtualization platforms, including KVM- and Xen-based products, reuse. An attacker who already has privileged (root or administrator) code running inside an affected guest can send crafted commands to the emulated FDC, corrupt memory of the host-side emulator process, and potentially obtain code execution on the host. The vulnerable code is a legacy component that ships with widely used virtualization software, and on Xen and QEMU the FDC code remains active even when the virtual floppy drive has been disabled for the guest, so a guest without a floppy is not necessarily safe. Because the host mediates every guest running on it, a successful escape exposes all other VMs on that host and gives the attacker the host's position on the datacenter network.
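One remediation detail worth checking on a Linux KVM/QEMU host: installing a patched qemu package does not fix guests that are already running, because each guest is a long-lived qemu process that keeps executing the old, vulnerable FDC code until it is restarted or live-migrated to a patched host. The script below is an added example, not code from Symantec or from the VENOM advisory, and it assumes a Linux host where `/proc/<pid>/exe` for a process whose binary was replaced on disk resolves to a path ending in " (deleted)"; the function names (`find_stale_vms`, `exe_is_stale`, `looks_like_qemu`) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): list running QEMU/KVM guests whose
# executable on disk has been replaced since they started, i.e. a patched qemu
# package was installed but the guest still runs the pre-patch binary.
# Assumption: Linux /proc semantics, where readlink /proc/<pid>/exe yields
# "<path> (deleted)" once the underlying file has been overwritten or removed.

# exe_is_stale LINKTARGET -> 0 when the target ends in " (deleted)"
exe_is_stale() {
    case "$1" in
        *' (deleted)') return 0 ;;
        *) return 1 ;;
    esac
}

# looks_like_qemu LINKTARGET -> 0 when the executable name is a qemu/kvm binary
# (qemu-system-*, qemu-kvm, kvm); the " (deleted)" suffix is stripped first.
looks_like_qemu() {
    case "$(basename "${1%" (deleted)"}")" in
        qemu*|kvm) return 0 ;;
        *) return 1 ;;
    esac
}

# find_stale_vms [PROCROOT] -> prints "<pid> <exe>" for every stale qemu process.
# PROCROOT defaults to /proc; it is a parameter so the scan can be exercised
# against a constructed directory tree.
find_stale_vms() {
    procroot="${1:-/proc}"
    for d in "$procroot"/[0-9]*; do
        [ -d "$d" ] || continue
        exe=$(readlink "$d/exe" 2>/dev/null) || continue   # unreadable: not ours
        looks_like_qemu "$exe" || continue
        if exe_is_stale "$exe"; then
            printf '%s %s\n' "${d##*/}" "$exe"
        fi
    done
    return 0
}

# Stand-alone usage on a host:  sh venom-stale-check.sh --scan
# Exit status 1 means at least one guest still needs a restart or migration.
if [ "${1:-}" = "--scan" ]; then
    stale=$(find_stale_vms /proc)
    if [ -n "$stale" ]; then
        echo "Guests still running a replaced qemu binary (restart required):"
        echo "$stale"
        exit 1
    fi
    echo "No running qemu process uses a replaced binary."
fi
```

Run it as root (non-root users cannot read `/proc/<pid>/exe` of other users' processes) after the package update, and repeat after the guests have been cycled; an empty result is the evidence that the fix is actually in effect, which a package version check alone cannot give.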
What Customers Need to Know:
Symantec Customers Can Utilize Symantec Data Center Security: Server Advanced (formerly known as “Critical System Protection”) to secure their infrastructure
Although there are no reported exploits of this vulnerability in the wild, Symantec recommends that customers who run potentially affected virtualization platforms and appliances (including OpenStack) and who use Symantec Data Center Security: Server Advanced (DCS:SA) perform the following actions until the affected platforms have been patched:
Symantec Data Center Security: Server Advanced (DCS:SA) monitors and orchestrates security hardening across on-premises data centers (both physical and virtual servers), public clouds (AWS), and private clouds (OpenStack). To find out more, see the DCS:SA Data Sheet.
Symantec Data Center Security: Server Advanced is part of the Symantec Data Center Security product family, which also includes Symantec Data Center Security: Server, Control Compliance Suite, and the Symantec Protection Engine Brands (for NAS and Clouds).