
The vulnerability is in floppy drive emulator code. It isn't clear to me whether all users are vulnerable or only hosts that have floppy drive devices defined [in their guests] are vulnerable.

If the latter, perhaps Amazon was never vulnerable anyway?




The disclosure states that due to another bug, even floppy-less hosts were vulnerable...


The exploit affects VMs whether or not they have a floppy controller or disk attached.


If I were Amazon, I would have done an audit of the hyperv software and removed the floppy driver code entirely if unused for precisely this reason. This strikes me as a basic, "no-brainer" hardening step for my billion dollar(s) hosting business.


They use Xen, not Hyper-V, and yes, they already remove/replace large portions of Xen.


Their PV domains are not affected anyway. Quite possibly they are running QEMU in stub domains for HVM as well, rather than on dom0, but you may well be right about the floppy code too.



