If earthquakes weren’t enough, yet another major security announcement from a major vendor this week.
A series of four vulnerabilities involving software agent Open Management Infrastructure has left Microsoft Azure customers exposed to remote code execution.
The flaws were reported Tuesday by cloud security vendor Wiz, which previously disclosed the ChaosDB Azure vulnerability last month.
Linux reportedly made up over half of Azure instances as of 2019, and Wiz’s post explained that customers utilizing Linux machines are vulnerable if they use any of a list of tools and services that use OMI, including many common ones.
Specifically, customers are exposed to a set of four vulnerabilities: three high-severity privilege escalation vulnerabilities and a critical remote code execution vulnerability, CVE-2021-38647, which has a CVSS of 9.8.
Microsoft patched the four vulnerabilities in its Patch Tuesday release this month, though the fixes will not be automatically applied for Azure customers.
Asked for clarification regarding whether the vulnerabilities are completely fixed and whether customers need to take action, Microsoft declined to comment beyond linking to its security update guide.
“The ease of exploitation and the simplicity of the vulnerabilities makes us wonder if the OMI project is mature enough to be used so widely,” Ohfeld said.
If you are an Acurus customer rest assure we are reviewing and ensuring you are not impacted.
If you want help and advise on how to deal with this please reach out for help.
Once it’s up get others staff to reshare, like, etc.