Discussion:
Hypervisor Security - A Major Concern
Add Reply
s***@gmail.com
2020-12-19 18:33:23 UTC
Reply
Permalink
The virtualization trend is still going strong, offering businesses streamlined resource management and massive cost-saving potential, but just like every technology, it has its fair share of security risks. In fact, a virtualization solution is only as secure as the hypervisors that support it.

VMWARE 66 CERTS
KVM 30 CERTS

Loading Image...

https://www.semanticscholar.org/paper/A-Systematic-Review-of-Vulnerabilities-in-and-Their-Shahzad/25f979225153aaaec873ef238bec363cd600292e
Michael C
2020-12-19 18:42:53 UTC
Reply
Permalink
Post by s***@gmail.com
The virtualization trend is still going strong, offering businesses streamlined resource management and massive cost-saving potential, but just like every technology, it has its fair share of security risks. In fact, a virtualization solution is only as secure as the hypervisors that support it.
VMWARE 66 CERTS
KVM 30 CERTS
https://d3i71xaburhd42.cloudfront.net/25f979225153aaaec873ef238bec363cd600292e/6-Table2-1.png
https://www.semanticscholar.org/paper/A-Systematic-Review-of-Vulnerabilities-in-and-Their-Shahzad/25f979225153aaaec873ef238bec363cd600292e
just this year


VMware Releases Security Updates - Updated October 20, 2020
Created: Thursday, October 22, 2020 - 10:44
Categories: Cybersecurity

October 20, 2020

VMware has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2020-0023 and apply the necessary updates or workarounds. Read the advisory at CISA.

July 10, 2020

VMware has released security updates to address a vulnerability in VMware Fusion, Remote Console, and Horizon Client. An attacker could exploit this vulnerability to take control of an affected system. ISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0017 and apply the necessary updates. Read the advisory at CISA.

July 8, 2020

VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review VMware Security Advisory VMSA-2020-0016 and apply the necessary update. Read the advisory at CISA.

June 24, 2020

VMware has released security updates to address multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2020-0015 and apply the necessary updates or workarounds. Access the advisory at CISA.

June 10, 2020

VMware has released a security update to address a vulnerability in Horizon Client for Windows. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2020-0013 and apply the necessary update. Read the advisory at CISA.

May 29, 2020

VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the VMware Security Advisory VMSA-2020-0011 and apply the necessary updates. Read the advisory at CISA.

April 29, 2020

VMware has released security updates to address a vulnerability in ESXi. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2020-0008 and apply the necessary updates. Read the advisory at CISA.

April 10, 2020

VMware has released security updates to address a vulnerability in VMware Directory Service (vmdir). An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2020-0006 and apply the necessary updates. Read the advisory at CISA.

March 16, 2020

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2020-0004 and apply the necessary updates. Read the advisory at CISA.

February 19, 2020

VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2020-0003 and apply the necessary updates. Read the advisory at CISA.
Scott Dorsey
2020-12-19 18:57:33 UTC
Reply
Permalink
The virtualization trend is still going strong, offering businesses streaml=
ined resource management and massive cost-saving potential, but just like e=
very technology, it has its fair share of security risks. In fact, a virtua=
lization solution is only as secure as the hypervisors that support it.
This is in every way true. Code has bugs, bugs cause vulnerability, and
the more code you have running the more chances for vulnerabilities you
have. The key to security is to run as little as possible, run as much
of it in user mode that you can, and review what you run.

This is why VSI gives you the option of running on bare metal on certified
hardware, if that is a concern for you. If you are willing to pay money
for better security, you can have better security. If you are willing to
live with a slightly increased risk of vulnerabilities, you can pay less
for generic hardware.

All of these issues were discussed a year ago in this very newsgroup and
it seems very silly to be dragging this whole discussion back up all over
again.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
Rich Alderson
2020-12-20 02:25:35 UTC
Reply
Permalink
***@panix.com (Scott Dorsey) writes:

[ snip ]
Post by Scott Dorsey
All of these issues were discussed a year ago in this very newsgroup and
it seems very silly to be dragging this whole discussion back up all over
again.
+1.
--
Rich Alderson ***@alderson.users.panix.com
Audendum est, et veritas investiganda; quam etiamsi non assequamur,
omnino tamen proprius, quam nunc sumus, ad eam perveniemus.
--Galen
Loading...