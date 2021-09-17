CreatorsPublishersAdvertisers
View more in
Software

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

By noreply@blogger.com (Ravie Lakshmanan)
wpguynews.com
 9 days ago

Cover picture for the articleCVE-2021-38647 (CVSS score: 9.8) – Open Management Infrastructure Remote Code Execution Vulnerability. CVE-2021-38648 (CVSS score: 7.8) – Open Management Infrastructure Elevation of Privilege Vulnerability. CVE-2021-38645 (CVSS score: 7.8) – Open Management Infrastructure Elevation of Privilege Vulnerability. CVE-2021-38649 (CVSS score: 7.0) – Open Management Infrastructure Elevation of Privilege Vulnerability. Open Management...

wpguynews.com

Comments / 0

Related
mspoweruser.com

Microsoft is creating a new “Polls” app for Microsoft Teams

Microsoft has announced that they will soon be releasing a new Polls app for Microsoft Teams. The app is however not new, but merely a resurfacing of the same functionality of the Polls feature of the Microsoft Teams Forms app. Microsoft says according to customer feedback and telemetry, they have...
SOFTWARE
kaspersky.com

OMI vulnerabilities threaten Linux virtual machines on Microsoft Azure

News has surfaced of a rather dangerous practice in Microsoft Azure, whereby when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs the Open Management Infrastructure (OMI) agent on the machine. The user won’t know it. Although a stealth installation might sound...
SOFTWARE
linuxtoday.com

How to install 0AD Linux Game on Ubuntu 20.04

Although the catalog of games for Linux is not yet equal to that of Windows in quantity, there are indeed many available. One of the best is 0AD and today you will learn how to install it on Ubuntu 20.04.
VIDEO GAMES
Redmondmag.com

Microsoft Embracing OpenTelemetry for Azure Monitor Application Insights

Microsoft on Monday described efforts to bring OpenTelemetry measures to Azure Monitor Application Insights, and eventually to other Azure services, as well. The idea behind Microsoft's support for OpenTelemetry is to provide "consistent APIs/SDKs across languages" for users of Azure Monitor Application Insights when monitoring the performance of hosted applications. OpenTelemetry specifically focuses on a vendor-agnostic way of surfacing traces, metrics and logs for cloud-native applications.
SOFTWARE
RELATED PEOPLE
Person
Omi
Computer Weekly

Microsoft ‘accelerates’ Flatcar Container Linux

Earlier this year Microsoft announced that it acquired Kinvolk, the creator and distributor of Flatcar Container Linux, a community Linux distribution designed for container workloads, with high security and low maintenance. Along with that acquisition, it also took on the company’s Lokomotive and Inspektor Gadget projects. Since that time, the...
SOFTWARE
Redmondmag.com

Microsoft Azure OMI Vulnerabilities, Dubbed 'OMIGOD,' Still Not Patched

Microsoft's Open Management Infrastructure (OMI) vulnerabilities, disclosed with this week's update Tuesday patch releases, demonstrated yet another hole in Azure security. The OMI vulnerabilities were responsibly disclosed to Microsoft by security researchers at Wiz, a Tel Aviv- and Palo Alto, Calif.-based maker of cloud security solutions. They further described the OMI vulnerabilities in this Sept. 14 Wiz research blog post.
SOFTWARE
winbuzzer.com

Microsoft Patches Internet Explorer Trident Engine Flaw

Users still running Microsoft Internet Explorer on the MSHTML (Trident) engine has been dealing with potential attacks from an exploited vulnerability. Microsoft says hackers have been targeting the flaw for the last few weeks. Successful attacks involve phishing campaigns aimed at enterprise networks. Microsoft lists the vulnerability as CVE-2021-40444 with...
SOFTWARE
TechRadar

Azure users running Linux VMs should update their systems right away

Four zero-day vulnerabilities in an open source piece of software that’s embedded in many popular Azure services can be exploited for privilege escalation and remote code execution attacks, report cybersecurity researchers. The vulnerabilities in the software agent named Open Management Infrastructure (OMI) were discovered by researchers at Wiz, who estimate...
SOFTWARE
IN THIS ARTICLE
#Suse Linux#Ubuntu Linux#Oracle Linux#Cvss#Wmi#Oms#Azure Log Analytics#Azure Diagnostics#Rce#90#Amazon Web Services#Google Cloud Platform#Vm#Bad Packets#Azure Linux
Ars Technica

Security researchers at Wiz discover another major Azure vulnerability

Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure's CosmosDB-managed database service—has found another hole in Azure. The new vulnerability impacts Linux virtual machines on Azure. They end up with a little-known service called OMI installed as a byproduct of enabling any of several...
SOFTWARE
Dark Reading

OMIGOD: Azure Users Warned of Critical OMI Vulnerabilities

Microsoft this week patched four vulnerabilities in Open Management Infrastructure (OMI), a widely used but little-known software agent embedded in many commonly used Azure services. The Wiz Research Team discovered these flaws, which include remote code execution bug CVE-2021-38647 and privilege escalation vulnerabilities CVE-2021-38648, CVE-2021-38645, and CVE-2021-38649. Most large organizations...
SOFTWARE
ZDNet

OMIGOD: Azure users running Linux VMs need to update now

Users of Azure who are running Linux virtual machines may not be aware they are have a severely vulnerable piece of management software installed on their machine by Microsoft, that can be remotely exploited in an incredibly surprising and equally stupid way. As detailed by Wiz.io, which found four vulnerabilities...
SOFTWARE
YOU MAY ALSO LIKE
NewsBreak
Microsoft
NewsBreak
Technology
NewsBreak
Computers
NewsBreak
Software
Lumia UK

Pre-Announcing Automatic Installation of the Power BI app for Microsoft Teams

Many organizations use modern collaboration in Microsoft Teams to enable faster decision making and action. Now, Power BI is making it easier for organizations to roll-out Power BI experience in Teams, so users get can discover and use data where they work. This helps people get notified faster, get richer link sharing experiences, and access all their data without leaving Microsoft Teams.
CELL PHONES
threatpost.com

Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said. Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure (OMI) — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said.
SOFTWARE
linuxtoday.com

Attackers Exploit OMIGOD Flaw in Azure Despite Microsoft Fixes

Cybercriminals are targeting Linux-based servers running Microsoft’s Azure public cloud environment that are vulnerable to flaws, after Microsoft didn’t automatically apply a patch on affected clients in its infrastructure. According to cybersecurity firm Recorded Future, the attacks began the night of Sept. 16 after a proof-of-concept exploit was published earlier...
SOFTWARE
mspoweruser.com

HONOR and Microsoft announce expanded partnership involving Azure and Windows

HONOR and Microsoft announced the expanded partnership today involving cloud, personal and mobile computing. As part of this partnership, HONOR will be using Microsoft Azure’s AI speech and AI translation services for its Smart Assistant YOYO. Microsoft and HONOR also announced that they will work together to improve the user...
BUSINESS
bleepingcomputer.com

OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. The four security flaws (allowing privilege escalation and remote code execution) were found in the Open Management Infrastructure (OMI) software agent silently installed by Microsoft on more than half of all Azure instances.
SOFTWARE
bleepingcomputer.com

Microsoft asks Azure Linux admins to manually patch OMIGOD bugs

Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. The four security flaws (allowing remote code execution and privilege escalation) were found in the Open Management Infrastructure (OMI) software agent silently installed on more than half of Azure instances. According to Wiz...
SOFTWARE
ZDNet

New Go malware Capoae targets WordPress installs, Linux systems

A new strain of malware, written in Go, has been spotted in cyberattacks launched against WordPress and Linux systems. On Thursday, Larry Cashdollar, senior security researcher at Akamai said the malware, dubbed Capoae, is written in the Golang programming language -- fast becoming a firm favorite with threat actors due to its cross-platform capabilities -- and spreads through known bugs and weak administrative credentials.
SOFTWARE

Comments / 0

Community Policy