Passageways' Official Statement:
The VENOM vulnerability is present in a virtual floppy disk controller that is integrated into a number of virtual machine hosts. If you are hosting your portal on site using a virtual machine, you need to apply security patches immediately. A list of common virtual machine platforms and links to the applicable patches can be found at http://venom.crowdstrike.com/. Notably, the Microsoft Hyper-V platform is unaffected, so you may never have been at risk and may not need to apply any patch. If you are hosting your portal directly on a physical server, then the VENOM vulnerability does not affect you. If Passageways is maintaining your remote portal host, we can assure you that we have taken the necessary steps to ensure that vulnerabilities have been patched and eliminated from the machines hosting your portal. We do not use virtual machines to host our customers, so this particular vulnerability does not affect our environment.
More information about the vulnerability:
CVE: CVE-2015-3456 (VENOM)
Potential Impact: If successfully exploited, an attacker may remotely execute arbitrary code at the root or administrator privilege level of the hypervisor. Due to direct exploitation of the hypervisor platform, the exploit functions on all host OSs.
Recommended Action: Analyze your environment for any implementations of affected hypervisors. For any instances discovered, consult the vendor for applicable patches. If a patch is not currently available, or cannot be installed, ensure the guest OS is not operating with root or administrator-level access to mitigate this vulnerability.