A virtual server bug is said to be worse than Heartbleed

Billy Steele
B. Steele|05.13.15

Sponsored Links

A virtual server bug is said to be worse than Heartbleed

In case you were napping, Heartbleed struck web servers' OpenSSL security last year, opening up the servers' memory to intruders. There's a new so-called zero-day vulnerability, only this time the researchers who discovered it say it's much worse, impacting millions of datacenter machines. The flaw is called Venom, which stands for Virtualized Environment Neglected Operations Manipulation. What does that mean? With the common practice of putting multiple customers into virtual servers, datacenters are setup to share some key tools, but sensitive information remains separated. Thanks to Venom, though, a hacker can gain access to a datacenters' entire storage network, leaving all of the customers on it vulnerable. As you might expect, the issue resides in an often ignored virtual floppy disk controller, but when it's exploited, it's like opening up a vault of stored info. As ZDNet reports, many modern virtual systems contain the bug -- platforms like Oracle's VirtualBox, KVM and Xen. The good news is Oracle says it already remedied the issue, and will nix it completely in forthcoming update.

[Image credit: Marvel via Getty images]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget