Source code for old versions of VMware’s ESX technology ended up leaked by hackers over the weekend.
Vmware said Sunday the exposed portions of its hypervisor date back to 2004, and the leak follows the disclosure of VMware source code in April.
“It is possible that more related files will be posted in the future,” said Iain Mulholland, VMware’s director of platform security. “We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.”
Mulholland said customers who apply the latest product updates and patches, in addition to following system hardening guidelines, should end up protected against attacks developed in the wake of the code leak.
“By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected,” he said.
A 2MB compressed archive of the software blueprints uploaded into file-sharing networks and promoted by various tweeters on Sunday. Some of these tweets said the leaked code was the “full VMware ESX Server Kernel.”
A person going by the name of Stun, who made the source code available, wrote, “It is the VMKernel from between 1998 and 2004, but as we all know, kernels don’t change that much in programs, they get extended or adapted but some core functionality still stays the same.”