Search
Homepage This page's url is: -crn-
Latest News Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Running Your Business Security Storage Virtualization
All Carousels Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Running Your Business Security Storage Virtualization
Threat Management Cloud Backup and Recovery Edge Computing Managed Services Enterprise Application Software SIEM Data Center Storage Industry Trends Software-defined Data Center Managed Security Running Your Business Digital Transformation IoT Platforms Cloud Security Network Communications
HP Toner and Ink Veeam Avaya RSA Wasabi ConnectWise
Scale Computing Learning Center Women of the Channel Showcase Sophos Cybersecurity Learning Center Comodo CyberSecurity Silver Peak Learning Center Disaster Recovery Learning Center Cohesity Learning Center Epson Hassle-Free Printing Hub NetApp Data Driven Learning Center Comcast Business Learning Center BlackBerry Cylance Learning Center Eaton Learning Center Commvault Learning Center Intermedia: Uniting Communication and Collaboration Symantec Cloud Security Learning Center HPE Zone
Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs HPE Discover 2019 News Cisco Wi-Fi 6 Newsroom Dell Technologies Newsroom Hitachi Vantara Newsroom HP Reinvent Newsroom Lenovo Newsroom Nutanix Newsroom Cisco Live Newsroom HPE Zone Tech Provider Zone

VMware Confirms ESX Server Hypervisor Source Code Leak

VMware says it's looking into the source of a breach in which ESX server hypervisor code was posted online; says customers not necessarily at risk.

By Kevin McLaughlin April 24, 2012, 05:54 PM EDT

In a tersely worded blog post, Iain Mulholland, director of VMware's Security Response Center, said the posted ESX code and associated commentary was created between 2003 and 2004.

Mulholland did not provide additional details on the leaked code but said the fact that it has been made public does not necessarily put VMware customers at risk.

Given the large number of service providers that run vSphere, security issues in ESX could potentially have a broad and widespread impact, according to security researchers.

"A serious zero day to the hypervisor could be disastrous to a lot of customers," said Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security solution provider.

Chris Ward, vice president of consulting and integration at Greenpages, a Kittery, Maine-based solution provider, said the potential risks -- to VMware and its customers -- depend on what type of ESX code has been compromised.

"If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal," Ward said. "However, if the code contains some of the more proprietary stuff, then it is a potential security risk -- as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it."

VMware says it is looking into the matter and will be canvassing its industry partners and developers in order to determine the source of the breach.

"VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today," Mulholland said in the blog post. "We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate."

The ESX hypervisor has helped VMware take a dominant position in the server virtualization market. In 2008, VMware introduced a smaller, streamlined version of ESX -- called ESXi -- which is embedded in server motherboards.

VMware began using ESXi as its primary hypervisor in vSphere 5, in which it enables key features such as automatic deployment of hosts.

Related Topics:
Back to Top

Video

 

sponsored resources

Copyright The Channel Company, All rights reserved