ads
Homepage > Azure users running Linux virtual machines should update their systems immediately

Azure users running Linux virtual machines should update their systems immediately

Four zero-day vulnerabilities in one Open source piece of software that is built into many Azure services can be exploited for elevation of privilege and remote code execution attacks, report cybersecurity researchers.

The vulnerabilities of the software agent called Open Management Infrastructure (OMI) were discovered by researchers from Ace, which estimate they affect thousands of Azure customers, across millions of endpoints.

The IMO agent is automatically deployed inside Linux virtual machines (MV) when users activate certain Azure services, the researchers point out.

“One of the biggest challenges in prevention [cyberattacks] is that our digital supply chain is not transparent. If you don’t know what’s hidden in the services and products you use every day, how can you manage the risk? »Argue the researchers.

Software supply chain blind spot

The vulnerabilities affect Azure clients on Linux machines, which according to some estimates, constitute a significant number of all Azure instances.

These users put their virtual machines at risk when they use certain Azure services such as Azure Automation, Azure Automatic Update, Azure Log Analytics, Azure Configuration Management, etc.

In fact, Wiz researchers note that analysis of a small sample of Azure tenants found that over 65% were at risk for vulnerabilities, colored by the name “OMIGOD,” which was the researchers’ first reaction when ‘they discovered them.

“In addition to Azure cloud customers, other Microsoft customers are affected because OMI can be installed independently on any Linux machine and is frequently used on-premises,” the researchers add.

The good news is that Microsoft has provided fixes for the issues as part of the September Patch Tuesday pack, and Wiz is urging all Azure users to ensure that they are running fixed versions of the IMO.

Similar Posts:

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on Top - Get the daily news in your inbox

Recent Articles

Most Popurlar

Trending this Week

Similar Posts: