The Venom vulnerability afflicting many virtualisation platforms, while serious, is not as dangerous as competing threats such as the infamous Heartbleed.
Venom is a decade-old vulnerability in the native QEMU, Xen and KVM virtual machine platforms and appliances that was uncovered by researchers at CrowdStrike.
The widespread nature of the bug, which affects big-name products from Red Hat, Citrix, Rackspace and Ubuntu, among others, caused ripples in industry as it could in theory be exploited for a variety of purposes.
Most worrying, it could allow attackers to break out of protected guest virtual environments and hijack control of the operating system hosting them - which would in theory let them use cloud servers for all manner of follow-up attacks.
The widespread nature of the threat, combined with the harm it could theoretically cause, led many to compare it to the infamous Heartbleed bug.
Heartbleed is a flaw in the OpenSSL implementation of the transport layer security (TLS) protocol used by open source web servers such as Apache and Nginx, which host around 66 percent of all sites.
It is known to have been actively exploited by hackers and according to statistics from Venafi, Heartbleed is still putting 67 percent of UK businesses at risk, despite the public availability of patches.
However, experts within the security community have been quick to downplay the significance of Venom and any comparison with Heartbleed.
Patrick Wardle, director of research at Synack, argued the difficult process required to exploit Venom means it is unlikely most hackers will bother targeting it.
"Is this the next Heartbleed? Unlikely. Heartbleed was a remote exploit and could be targeted by anyone at any time," he said.
"Venom requires code execution on a VM, so it's not remote. Heartbleed affected a much wider range of servers and clients, and the responsibility to patch was often left up to the end user.
"With Venom, a single patch at the hypervisor level should secure all virtualised machines. In a cloud environment, the cloud provider is likely responsible for patching the bug (as opposed to the end users or ‘owners' of the VM) - and has probably already done so."
Strategist at Tenable Network Security Cris Thomas agreed, pointing out two out of the three affected platforms have already patched the flaw.
"While CVE 2015-3456 (Venom) does exist in the default configuration and does allow arbitrary code execution, it only impacts three of the six major vendors - and two of those are already patched," he said.
"Though potentially serious if unpatched, this bug requires the attacker to get admin or root privileges in the root operating system and has not yet been seen in the wild. So while CVE 2015-3456 has been getting a lot of press, we have yet to see if its bite is as bad as the hype."
RedSeal CTO Dr Mike Lloyd said companies should make patching the Venom flaw a priority.
"The responsibility to apply the remediation falls to the service provider, and so customers are likely to burn up the phone lines calling in to make sure this has been done promptly," he said.
"For organisations running private cloud infrastructure, the responsibility falls to internal IT, as a part of routine patch management. Businesses can expect some brief disruptions as this patch is applied.
"If your business uses the affected virtualisation systems, the patch should be treated with very high priority, and is well worth a brief service interruption in almost all cases."
Poor patching practices are an ongoing problem within most businesses and government departments, and have helped hackers breach numerous high-profile targets.
US Secretary of Defense Ash Carter revealed Russian hackers successfully breached Department of Defense (DoD) systems by exploiting an unpatched flaw in one of the department's legacy systems on 24 April.
But deep learning pulls ahead for complex tasks
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base