May 13, 2015

A critical security alert affecting virtualized environments - VENOM CVE-2015-3456 - was announced today by the team at CrowdStrike.

What is VENOM and how does it affect me?

VENOM is a software vulnerability found in QEMU's floppy drive controller and may allow an attacker to potentially execute malicious code on the host node with elevated privileges. Although there are no known available exploits for this vulnerability, the security team at Vultr has handled this advisory with the highest of urgency.

Am I safe? What do I have to do?

Vultr customers are already protected and don't need to take any specific action. The Vultr security team has rolled out a security update which has been transparently applied to all affected instances. Our teams will continue to diligently review and monitor the global platform and keep you updated of any issues.

As always, send us your feedback on our contact page or by tweeting @Vultr.