GoGrid regularly reviews, analyzes, and ranks recently published security vulnerabilities as part of its security program. We typically address security vulnerabilities that pose a risk to GoGrid’s digital ecosystem during our regular patch cycle. However, critical security vulnerabilities require immediate action. Such was the case with last week’s security advisory that impacted software such as Xen, FreeBSD, NetBSD, and some versions of Microsoft Windows. You can find specifics of the security advisory here: http://lists.xen.org/archives/html/xen-announce/2012-06/.
The vulnerability meant a system admin running a 64-bit paravirtualized (PV) guest (such as Windows 2008 R2 or a Linux 64-bit distribution) on a 64-bit hypervisor could gain kernel-level access by successfully exploiting Intel’s SYSRET design implementation. This vulnerability isn’t unique to Xen or even to virtualized environments. In fact, any guest user—that is, someone with non-administrator privileges—with logical access to a stand-alone server running NetBSD, FreeBSD, Microsoft Windows 7, or Windows 2008 R2 can perform a similar exploit against the OS and gain unauthorized access.
GoGrid’s Security team determined that the vulnerability exposed our customers to an attacker potentially gaining access to their virtualized systems. Even more important, GoGrid’s Security team determined the vulnerability was a prime target for a “zero-day exploit”—one that could occur on the same day the vulnerability becomes generally known.
As a result, we took immediate action: We downloaded and tested the patch, engaged one of our outside security firm partners to gain intelligence on how the Black Hat community perceived the vulnerability, scheduled an emergency patch rollout over the weekend, and deployed the security patch across all impacted systems.
On June 18, 2012, GoGrid’s Security team confirmed that an exploit has been published and is now circulating on the Internet.
We appreciate your understanding and support in allowing us to continue providing you with a safe, secure, and stable environment.
Latest posts by Mario Duarte
- How to Recover from a Linux Security Breach – Recovery & Hardening (Part 2) - January 29, 2013
- How to Recover from a Linux Security Breach – Forensics, Analysis, & Building Teams (Part 1) - January 28, 2013
- Security Basics: 4 Steps to Tighten up Linux Security - November 20, 2012