Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Sep 15, 2021
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure that's automatically deployed in many Azure services - CVE-2021-38647 (CVSS score: 9.8) - Open Management Infrastructure Remote Code Execution Vulnerability CVE-2021-38648 (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability CVE-2021-38645 (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability CVE-2021-38649 (CVSS score: 7.0) - Open Management Infrastructure Elevation of Privilege Vulnerability Open Management Infrastructure ( OMI ) is an open-source analogous equivalent of Win...
