Clients –
A new security threat is getting some headlines. It is called VENOM (Virtualized Environment Neglected Operations Manipulation).
This is a serious security hole, which allows an attacker to move from within one virtual machine, across the virtual host, and into other virtual machines.
The vulnerability affects the decade-old free and open source hypervisor called Quick Emulator (QEMU).
VMWare and Microsoft Hyper-V are not affected by the VENOM vulnerability.
Key Points:
- No client servers under the management of 365 Technologies are at risk for the VENOM vulnerability (all of our virtualization installs use either VMware or Hyper-V).
- No 365 product, including 365Phoenix, Crash Plan, or 365MailSafe operate on servers using QEMU.
Should you have specific questions or concerns, please contact our team at 1-877-343-3155. Further information on the VENOM bug can be found here: http://venom.crowdstrike.com/
We will continue to monitor the emerging threat landscape, and keep you up to date.