ESX Code Leak Investigation Ongoing
VMware aware of hypervisor code being posted on public sites; company advises ESX users to keep up on "security hardening guidelines."
A blog post earlier this week from VMware director of platform security, Iain Mulholland, alerted ESX users that code written for the hypervisor technology back in 2004 was posted by hackers to some Internet sites and distributed through peer file sharing networks.
The code posting follows a similar posting incident back in April this year. Following that incident, VMware issued security patches for flaws that might have been exposed through the code leak.
The code leak pertains specifically to the vmkernel, which is the OS that allows ESX to run as a bare-metal hypervisor. Mulholland in the same blog post said he believes more code leaks will be forthcoming, so users should continue to be diligent with patches as those are released. Even so, Mulholland believes the security impact on users is minimal.
ESX is older hypervisor technology, being phased out in favor of ESXi, which is a more code-compact version of ESX. Versions of vSphere newer than 4.1 contain the newer ESXi.
Michael Domingo is executive editor of MCPmag.com and hosts the Redmond Radio podcasts.