National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team envisages increasing electronic security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, the banks and the communication providers of the Republic of Cyprus.

Microsoft Azure Users with Linux VMs Exposed to Security Vulnerability Called OMIGOD

15 September 2021

Microsoft Azure users running Linux virtual machines (VMs) are exposed to the latest security vulnerabilities, dubbed OMIGOD.

A security firm known as Wiz said that Microsoft automatically installs open-source software called Open Management Infrastructure, or OMI, on Linux systems.

It is not the first time that Wiz has uncovered a vulnerability in Microsoft Azure. The security vendor also exposed the risk posed by Azure Cosmos DB, which affected prominent companies like Rolls-Royce, Coca-Cola, Mercedes-Benz, Siemens, and Symantec.


Microsoft Azure Users with Linux VMs Exposed

As per ZDNet, most Azure users are not aware that OMI is installed, which leaves them completely unaware of the severe security vulnerability that it brings with it.

OMI is the Linux or UNIX counterpart of Windows Management Infrastructure or WMI. The software enables its users to sync their configurations and gather statistics, which Azure services, such as Azure Automation, Azure Insights, and Open Management Suite mainly use.

It is worth noting that Wiz uncovered a total of four security vulnerabilities in Microsoft's OMI project. The security company dubbed these flaws OMIGOD to give them a catchy nickname.

The vulnerabilities allow attackers to gain root access remotely by sending a single packet with the authentication header removed.

One of the security researchers at Wiz, Nir Ohfeld, noted that over 65% of Azure users running Linux are exposed to the security vulnerabilities brought silently by OMI. To be precise, Microsoft Azure customers with Linux who use Azure Automation, Azure Operations Management Suite, Azure Log Analytics, Azure Diagnostics, Azure Configuration Management, and Azure Automatic Update are at risk from cyber-attacks. On top of that, Wiz further noted that Azure cloud customers, as well as other Microsoft users, are also affected by the OMI vulnerability as it could be installed on any Linux computer.

That said, all users with OMI installed are essentially exposed to security attacks. In addition, Wiz also disclosed that OMI is not used exclusively for Microsoft Azure; Google Cloud Platform and Amazon Web Services are utilizing it as well.

OMIGOD Vulnerability: How to Fix

Wiz specifically warned about four Common Vulnerabilities and Exposures (CVE) entries for OMI: CVE-2021-38648, CVE-2021-38645, CVE-2021-38647, and CVE-2021-38649.

Microsoft has already released a security patch for these CVEs in its latest Patch Tuesday on Sept 14.

As such, to fix the security loopholes, Azure users should make sure that they are using the OMI version. Microsoft urges users who are not using this update yet to install it as soon as possible.

The information is gathered from TechTimes.
