You should bring this Support Notice to the attention of your Information Technology (IT) department or webmaster.
A critical security vulnerability known as Virtualized Environment Neglected Operations Manipulation (VENOM) allows attackers to access virtual machines.
Virtual machines are computers simulated within other computers and are presumed to be isolated and secure. The VENOM vulnerability allows an attacker to leave one virtual machine, gain access to other virtual machines operating on the same host, and ultimately gain access to the host.
Exploitation of VENOM can compromise credentials, intellectual property, Personally Identifiable Information and other confidential or sensitive information.
There is no impact to Essent products and services.
Essent virtualization technology is not vulnerable to VENOM.
Essent was aware of this problem from its announcement and immediately took action to verify that no Essent offerings or Facility Management Support (FMS) service subscribers were vulnerable.
None of the Essent business and commerce products, including Compass™, SiteBuilder™, PunchOutNow™, Direct2Decoration™, and OrderTrax™, are affected. The Essent Commerce Cloud™ is not affected by this vulnerability. Essent security products, like the Netset™ Network Security Appliance, are not vulnerable to VENOM.
No corrective action is required for Essent offerings or FMS.
Essent encourages customers running virtual machines to perform their own evaluations of these environments. Further information and remediation options are at venom.crowdstrike.com.
This vulnerability has been assigned CVE identifier CVE-2015-3456.
According to CrowdStrike: "VENOM … is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems."