[Woc-notify] [nitc] FW: VENOM vulnerability

Skaggs, Gary A. gskaggs at ou.edu
Thu May 14 01:19:24 UTC 2015 

For all of you running VMs, a good/timely read.

Gary


From: <Kurz>, "Kenneth J." <kkurz at ou.edu<mailto:kkurz at ou.edu>>
Date: Wednesday, May 13, 2015 at 7:32 PM
To: Norman-Networking <network at ou.edu<mailto:network at ou.edu>>, "Security (Norman)" <security at ou.edu<mailto:security at ou.edu>>, unix_group <unix at ou.edu<mailto:unix at ou.edu>>, "Steward, Shad (HSC)" <Shad-Steward at ouhsc.edu<mailto:Shad-Steward at ouhsc.edu>>, "Saliba, Dana M. (HSC)" <Dana-Saliba at ouhsc.edu<mailto:Dana-Saliba at ouhsc.edu>>, "Moore, Randy W. (HSC)" <Randy-Moore at ouhsc.edu<mailto:Randy-Moore at ouhsc.edu>>, "Smith, Bryan E. (IT) (HSC)" <Bryan-E-Smith at ouhsc.edu<mailto:Bryan-E-Smith at ouhsc.edu>>, "Bighorse, Aaron L." <bighorse at ou.edu<mailto:bighorse at ou.edu>>, "George, Kendall A." <kendallg at ou.edu<mailto:kendallg at ou.edu>>
Subject: VENOM vulnerability

All,

Attached is the best summary I’ve seen about the VENOM vulnerability that is making headlines.  It is a vulnerability than can open access to host systems (once a running VM is compromised) and all other VM’s running on a host.  VMWare and Hyper-V are NOT affected.

The reason I forwarded on is I know there are a number of people running Virtualbox, ubuntu, redhat, etc, to run VMs.  They are all affected.  As well as products by Fireeye, F5, others, etc.  Info is at the link below.

http://venom.crowdstrike.com/

Ken

-----------------------------------------------
Ken Kurz, CISSP
Executive Director, Networking, Information Security & Risk Management
University of Oklahoma Information Technology
405-325-6441 – O
405-534-6079 – C
www.ou.edu/ouit<http://www.ou.edu/ouit>
-----------------------------------------------


---
You are currently subscribed to nitc as: woc-notify at list.woc.noaa.gov.
To unsubscribe click here: http://lists.nwc.ou.edu/u?id=47164.3d6e8cdf62c3b687501808cc1203704d&n=T&l=nitc&o=706549
or send a blank email to leave-706549-47164.3d6e8cdf62c3b687501808cc1203704d at lists.nwc.ou.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.woc.noaa.gov/pipermail/woc-notify/attachments/20150514/71e2a811/attachment-0001.html>

More information about the Woc-notify mailing list