Attention: Electra Announcement Regarding “Venom”

On May 13, 2015, a vulnerability was disclosed in the QEMU Floppy Drive Controller that, when exploited, could allow an attacker to escape a virtual machine on certain open source hypervisors. CVE-2015-3456 (VENOM) has been assigned for this vulnerability.

The areas of investigation for remediation for Electra clients are:

1. Clients’ own computer systems
2. Electra’s hosted systems

a. Rackspace
b. NaviSite
c. Amazon

With respect to client installed Electra Reconciliation software (OpenStaars), there is no vulnerability per se because the vulnerability is in the operating system software and not in the application software. Electra encourages its customers to apply the appropriate patches which are now widely available to mitigate risk for this vulnerability.

For its own systems, the software running at NaviSite is not running any of the affected hypervisors. The systems at Rackspace and Amazon have already been patched.

We take the responsibility of keeping your information protected very seriously at Electra Information Systems. We would like to assure you that with regards to the Venom bug:

1) Your account is secure
2) Your account details were not exposed in the past and will remain secure
3) You do not need to take any additional action to safeguard your information
4) There is no need to change your password
5) All servers have been patched to avoid other potential exploits of this bug

Leave a suggestion

Client Testimonials

Tammy L. Johnson, Globeflex Capital L.P.
We’ve now been a client for over 11 years and the relationship remains strong. Electra keeps us well informed, continuously innovating and adding functionality. Electra provides information on the latest versions which allows us to take advantage of the latest enhancements as our business requirements change and evolve.
Tammy L. Johnson, Globeflex Capital L.P.


Get more information or schedule a product demo. Someone from our team will contact you promptly.