In advance of next week's VMworld conference in San Francisco, I recently sat down with Steve Herrod, Chief Technology Officer and Senior Vice President of Research & Development at VMware.
Our discussion hinges on the intriguing concept of the software-defined datacenter. We look at how some of the most important attributes of datacenter capabilities and performance are now squarely under the domain of software enablement.
VMware has released security patches for its Workstation, Player, Fusion, ESXi and ESX products in order to address two vulnerabilities that could allow attackers to compromise the host system or crash a virtual machine.
The more serious vulnerability is identified as CVE-2012-3288 and stems from an improper validation of input data when loading virtual machine checkpoint files, the virtualisation said in a security advisory.
The U.S. Computer Emergency Readiness Team (CERT) has issued an alert for a dangerous guest-to-host virtual machine escape vulnerability affecting virtualization software from multiple vendors.
The vulnerability, which affects 64-bit operating systems and virtualization software running on Intel CPU hardware, exposes users to local privilege escalation attack or a guest-to-host virtual machine escape.
From the advisory:follow Ryan Naraine on twitter
At the end of April, Iain Mulholland, director of the VMware Security Response Center, announced that some of VMware's confidential source code for the ESX hypervisor had been leaked and a single file had been posted online. That same day, Kaspersky Lab's ThreatPost blog pointed to a hacker calling himself "Hardcore Charlie" as the person who leaked the VMware ESX hypervisor files.
VMware has confirmed that a portion the the source code for its ESX hypervisor was compromised, although the code dates back as early as 2003. That said, a fairly significant portion of the company's customers are still using the platform as VMware works to push them towards its newer hypervisor called ESXi.
Cisco today announced a former VMware executive will head up the newly formed Cisco Security Group at Cisco, which combines two formerly separate units into one security-focused group.
