Hacker Neue

Preferences
rlpb parent
The vulnerability is in floppy drive emulator code. It isn't clear to me whether all users are vulnerable or only hosts that have floppy drive devices defined [in their guests] are vulnerable.

If the latter, perhaps Amazon was never vulnerable anyway?

brohee
The disclosure states that due to another bug, even floppy less hosts were vulnerable...
mhayden
The exploit affects VM's whether or not they have a floppy controller or disk attached.
duaneb
If I were amazon, I would have done an audit of the hyperv software and removed the floppy driver code entirely if unused for precisely this reason. This strikes me as a basic, "no-brainer" hardening step for my billion dollar(s) hosting business.
jpgvm
They use Xen, not Hyper-V and yes they already remove/replace large portions of Xen.
justincormack
Their PV domains are not affected anyway. Quite possibly they are running qemu in stub domains for HVM as well, rather than on dom0, but you may well be right about the floppy code too.

This item has no comments currently.