"Critical Azure Security Vulnerabilities Affect Large Organizations"

Researchers at the cloud security vendor Wiz have discovered four critical vulnerabilities in Open Management Infrastructure (OMI), a little-known service deployed on a large number of Linux virtual machines (VMs) in Azure. According to the Wiz researchers, the vulnerabilities are easy to exploit. Their exploitation could allow attackers to remotely execute arbitrary code within the network with a single request. The exploitation of these vulnerabilities could also allow attackers to escalate to root privileges. These vulnerabilities are tracked as CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, and CVE-2021-38649. Azure customers with Linux who use Azure Automation, Azure Operations Management Suite, Azure Log Analytics, Azure Diagnostics, Azure Configuration Management, and Azure Automatic Update are affected. Tyler Shields, CMO at JupiterOne, stresses that enterprises must know which of their assets have the OMI management function enabled to understand their exposure to these vulnerabilities. Enterprises are also encouraged to ensure that nothing is directly exposed to the Internet. Transitive trust relationships among assets can accidentally create a path that an attacker can exploit, despite implementing multiple layers of firewalls to protect these assets. A cloud-native attack surface measurement tool that connects assets in a relationship graph can be used to quickly determine if any of those instances are exposed. A survey conducted by Wiz revealed that more than 65% of sampled Azure customers were exposed to these vulnerabilities and are unknowingly at risk. OMI's functions within Azure VMs are widely used. However, they are almost entirely undocumented, and there are no clear guidelines on how customers could check and upgrade existing OMI versions. This article continues to discuss the critical vulnerabilities discovered in OMI, what enterprises must do to understand their exposure to them, and the cloud service risk/reward tradeoff. 

Security Magazine reports "Critical Azure Security Vulnerabilities Affect Large Organizations"