Skip to main content

VMware addresses ESX source code leaks with accelerated security patches

posted onMay 9, 2012
by l33tdawg

At the end of April, Iain Mulholland, director of the VMware Security Response Center, announced that some of VMware's confidential source code for the ESX hypervisor had been leaked and a single file had been posted online. That same day, Kaspersky Lab's ThreatPost blog pointed to a hacker calling himself "Hardcore Charlie" as the person who leaked the VMware ESX hypervisor files.

At first, the full extent of the situation was unclear. Could this leak affect virtual data centers and cloud environments around the world, or would it end up being just a minor blip on the radar screen? The specifics of the leaked code are still in question, but the availability of ESX source code out in the wild could potentially give hackers a better chance to find undiscovered vulnerabilities in the company's hypervisor technology. The seriousness of this exposure depends on the level of code audit performed.

VMware's initial stance on the source code leak was discouraging. In his initial blog post, Mulholland seemed to downplay the event. He stated that the leaked code dated back to the 2003-2004 timeframe, and since VMware had made many revisions to the code in the years that followed, it seemed like a good possibility the leaked code could have been deprecated along the way, reducing any negative security affects it might have. Mulholland also tried to calm fears by saying, "The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers."

Source

Tags

VMWare Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th