CrowdStrike researchers discovered that any attacker can break out of specific virtual machines and exploit whatever is running nearby. The most disturbing fact revealed is that a portion of a cloud-hosted network may also be running on that same system.
This revelation nullifies the claim that these vessels are extremely strong and protective.
A critical security flaw has been discovered that allows attackers to access virtual machines freely.
Jason Geffner and a team of researchers at CrowdStrike, an Irvine, California-based security firm, reported the detection of the zero-day vulnerability. Zero-day vulnerability means a previously unidentified computer bug, in this case one found within a common virtual machine platform.
Virtual machines are computers simulated within computers, and they prevent the networks on these machines from impacting each other. They are an efficient method of managing massive computer resources while keeping them secure and isolated.
The bug has been named “Venom,” an abbreviation of “virtualized environment neglected operations manipulation.” Researchers state that this bug affects a technology called a hypervisor, which controls and coordinates the virtual machines running on a system.
Venom affects Quick Emulator (QEMU), a decades-old, free and open-source hypervisor. It is used in numerous common virtualization products such as KVM (or “kernel-based virtual machine”), Xen hypervisors, the native QEMU client and Oracle VM VirtualBox. The products that are not affected are Microsoft Hyper-V and EMC-owned VMware.
According to Jason Geffner, CrowdStrike’s senior security researcher who actually identified this flaw, “this destroys the isolation myth that you can have something run a virtual machine and have it be isolated from everything else. This bug lets you escape a container and get into all other containers. Even if you don’t use these services directly, the chances are that accounts which store your personal data run these products.”
CrowdStrike assessed that Venom could put countless organizations and tens of thousands of users at risk.
Geffner states: “With Venom, you’re able to break out of a virtual machine on a system and get access to other data on that system’s network” and the attackers may exploit it to “execute whatever code they like” simply by overwriting sensitive portions of a machine’s memory.
As a long-term remedy, Dan Kaminsky, co-founder of and researcher at the security firm White Ops, suggests that users tell their cloud service providers that they will only allow sharing of workflow with people within the company or the domain. It is important to isolate the hardware “if you have this sort of bug that can jump from their little piece of a server to your little piece of a server. The best way to avoid that is to not have anyone else on your server.” He says that it definitely “costs more, but you’re basically outbidding your attackers
CrowdStrike, says Geffner, has alerted all the major software vendors that use this risky QEMU code, and the team is working closely with them to resolve the issue.
Geffner hopes and expects that “the good guys are able to patch their systems before the bad guys get access to it.”