
OMIGOD! Microsoft Secretly Installed an Open Source Agent with Critical Vulnerabilities on Thousands of Linux VMs

In a rather appalling discovery, Microsoft has now released patches for critical vulnerabilities in its Open Management Infrastructure (OMI) software agent, which had been silently installed on Azure Linux VMs.

Available on GitHub, OMI is an open source IT environment management software product for Linux and Unix-based systems and is widely deployed on Microsoft Azure VMs and services. It is similar to Windows’ WMI, but for Unix systems.

This month, researchers at security firm Wiz found multiple vulnerabilities and named them “OMIGOD.”

Although heavily used by Azure services, OMI may be unheard of because it isn’t documented in the Azure knowledge base, and yet it’s automatically deployed on Azure VMs during the onboarding process. As such, customers may have no awareness of this “secret” agent running in the background, explain Wiz researchers.

These vulnerabilities are:

  • CVE-2021-38647 – Unauthenticated RCE as root
  • CVE-2021-38648 – Privilege Escalation vulnerability
  • CVE-2021-38645 – Privilege Escalation vulnerability
  • CVE-2021-38649 – Privilege Escalation vulnerability

“The vulnerabilities are very easy to exploit, allowing attackers to remotely execute arbitrary code within the network with a single request and escalate to root privileges,” said Nir Ohfeld, a senior security researcher at Wiz, in a report published this week.

What’s worse, the OMI agent runs with root privileges.

Any application or user can initiate a connection with the OMI agent via UNIX sockets or an HTTP API, depending on how the product is configured, which expands the possible attack surface for bad actors.

By exploiting the aforementioned vulnerabilities, remote attackers and low-privileged users can execute code on target machines or gain elevated privileges.

The researchers determined that over 65% of sampled Azure customers were exposed to these vulnerabilities and unknowingly at risk.

Patch your Azure services ASAP

Microsoft installing this software agent with critical vulnerabilities on thousands of Azure ...

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ax Sharma. Read the original post at: https://blog.sonatype.com/microsoft-installed-open-source-agent-critical-vulnerabilities-on-linux-vms