Microsoft Azure users running Linux virtual machines (VMs) are exposed to the latest security vulnerabilities, dubbed OMIGOD.
A security firm known as Wiz said that Microsoft automatically installs open-source software called Open Management Infrastructure, or OMI, on Linux systems.
It is not the first time that Wiz has uncovered a vulnerability in Microsoft Azure. The security vendor also exposed the risk posed by a flaw in Azure Cosmos DB, which affected prominent companies like Rolls-Royce, Coca-Cola, Mercedes-Benz, Siemens, and Symantec.
Microsoft Azure Users with Linux VMs Exposed
According to ZDNet, most Azure users do not know that OMI has been installed, which leaves them completely unaware of the severe security vulnerabilities that come with it.
OMI is the Linux or UNIX counterpart of Windows Management Infrastructure or WMI. The software lets users sync their configurations and gather statistics, and it is mainly used by Azure services such as Azure Automation, Azure Insights, and Open Management Suite.
Wiz uncovered a total of four security vulnerabilities in Microsoft's OMI project. The security company dubbed these flaws OMIGOD to give them a catchy nickname.
The vulnerabilities allow attackers to gain root access remotely by sending a single packet with the authentication header removed.
One of the security researchers at Wiz, Nir Ohfeld, noted that over 65% of Azure users running Linux are exposed to the security vulnerabilities brought silently by OMI. To be precise, Microsoft Azure customers running Linux who use Azure Automation, Azure Operations Management Suite, Azure Log Analytics, Azure Diagnostics, Azure Configuration Management, or Azure Automatic Update are at risk of cyber-attacks. On top of that, Wiz further noted that other Microsoft users, not only Azure cloud customers, are affected by the OMI vulnerabilities, as OMI can be installed on any Linux computer.
That said, all users with OMI installed are essentially exposed to attack. In addition, Wiz disclosed that OMI is not used exclusively on Microsoft Azure; Google Cloud Platform and Amazon Web Services are utilizing it as well.
OMIGOD Vulnerability: How to Fix
Wiz specifically warned about four Common Vulnerabilities and Exposures (CVEs) in OMI: CVE-2021-38648, CVE-2021-38645, CVE-2021-38647, and CVE-2021-38649.
Microsoft has already released a security patch for these CVEs in its latest Patch Tuesday on Sept 14.
As such, to fix the security loopholes, Azure users should make sure that they are using the 188.8.131.52 OMI version. Microsoft urges users who are not using this update yet to install it as soon as possible.
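Because OMI is often installed without the user's knowledge, the first step is to find out whether it is present on a host and whether it is older than the fixed release. The script below is an added example, not code from Wiz or Microsoft. It assumes the package is named `omi`, and it reads the required version from a hypothetical `OMI_FIXED_VERSION` variable that you set from Microsoft's advisory.

```shell
#!/bin/sh
# Added example: is OMI installed here, and is it older than the fixed release?
# Assumptions: package name "omi"; OMI_FIXED_VERSION is supplied by the operator
# from the vendor advisory (no version number is hard-coded here).

# Print the installed OMI version; return non-zero if OMI is not installed.
omi_installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' omi 2>/dev/null) && [ -n "$v" ] &&
            { printf '%s\n' "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' omi 2>/dev/null) &&
            { printf '%s\n' "$v"; return 0; }
    fi
    return 1
}

# Succeed if version $1 is strictly lower than version $2.
# Fields are compared numerically, so 2.0.10 is newer than 2.0.9, and the
# dpkg style "a.b.c.d" and rpm style "a.b.c-d" compare as equal.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Classify a host: $1 = installed version ("" if none), $2 = required minimum.
omi_status() {
    if [ -z "$1" ]; then echo absent
    elif version_lt "$1" "$2"; then echo outdated
    else echo ok
    fi
}

# Report only when the operator has provided the required version.
if [ -n "${OMI_FIXED_VERSION:-}" ]; then
    installed=$(omi_installed_version || true)
    echo "OMI ${installed:-not installed}: $(omi_status "$installed" "$OMI_FIXED_VERSION")"
fi
```

A result of `outdated` means the host still needs the update described above; `absent` means OMI was never installed on that machine.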