Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.
read more
David Heath
Wednesday, 15 April 2009 19:03
On April 3rd, VMware released two sets of updates. The first addressed problems with "openssl, bind and vim." The second was for "multiple security issues."
It turns out that the "multiple security issues" are rather serious. In fact they gave rise to an additional advisory rated 'critical' by the folks at VMware.
The vulnerability allows a task running in the hosted virtual environment to execute code on the host Operating System.
This is serious. Very serious.
As part of the push to green the data centre many organisations are turning to virtual machine environments to enable highly separated, independent tasks to run concurrently on a single physical device. Hosted websites for SMEs are an obvious example.
Now we find that any one of those virtual machines can influence the base OS, and by implication have dire effects upon other virtual environments on the same system. There is a rolling demo of the exploit here.
Immediately following the first two updates, SANS reported the release of an exploit (only available for payment to the developers) and subsequently a whitepaper (also attracting a fee) that details the attack. Oddly SANS chose not to publish links!
It seems that VMware have fixed the problem – the third advisory specifies the minimum version levels of all VMware products required to defeat the issue. However, this is the first time that an inter-machine vulnerability has been identified, something we were always assured couldn't happen.
Loading comments ...
 |
Microsoft Office 365Try an easy-to-use set of web-enabled tools for business-class productivity services. Office 365 provides anywhere-access to email, important documents, contacts, and calendars on almost any device.  |
LATEST HEADLINES FROM YOUR IT
