Virtualization Technology News and Information
VMware Users Urged to Apply Security Updates of ESX with More Code Leaks

Once more it seems, VMware ESX source code has been leaked and posted online for would be hackers looking to cause chaos.  A Netherlands-based hacker known as Stun claimed to be affiliated with Anonymous and tweeted a link to a torrent site hosting the stolen VMkernel source code. Tweeting: "WILD LEAKY LEAK. FULL VMware ESX Server Kernel LEAKED"

VMware director of platform security Iain Mulholland acknowledged the breach on Sunday and confirmed that this is the source code for its ESX hypervisor platform.  But said the code is dated back to an earlier release of the product, going back to 1998-2004.

But in response to that, Stun wrote:  "VMware will try to make like this Kernel is old and isn’t used in its recent products. But thank god, there is still such a thing as reverse engineering that will prove its true destiny."  He added, "Little sidenote about this release, it is the VMKernel from between 1998 and 2004, but as we all know, kernels don’t change that much in programs, they get extended or adapted but some core functionality still stays the same."

Mulholland warned that more related files could be posted in the future.  That’s a similar warning he gave back in April and May when the first batches of ESX source code were leaked online.

"As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment," he said.  Customers can find the security patch information in VMware’s Knowledge Base resource.

He also recommended customers review VMware's security hardening guides

VMware’s Security Response Center is currently investigating the posting of the full source code on Twitter. 

Published Thursday, November 08, 2012 7:01 AM by David Marshall
VMware Users Urged to Apply Security Updates of ESX with More Code Leaks « VT News - (Author's Link) - November 8, 2012 10:40 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2012>