The VENOM vulnerability (Virtualized Environment Neglected Operations Manipulation), which targets data center software, allows cybercriminals to exploit remote access on virtual machines. If it is exploited, hackers are able to steal data and gather information about the company's public cloud.
There is a fear that VENOM puts intellectual property at risk, along with other personal information, so millions of users could be impacted. Although there were initial comparisons between VENOM and Heartbleed, the new security flaw isn't quite on the same level.
"At this time, Venom poses the same level of risk as any new remote-code execution vulnerability," said Chad Kahl, Threat Intelligence Team Lead at Solutionary. "It is bad, but readily fixed or mitigated. First off, it only affects certain platforms. While popular, it doesn't span almost the entire Internet like Heartbleed did."
It doesn't look like VENOM has actually been exploited in the wild yet, and with no proof-of-concept code or observed active exploitation, there is time for systems to be patched. Patches are already available, so IT staff must be quick to respond.