“Secret” Agent Exposes Azure Customers To Unauthorized Code Executions

Update September 18, 08:00AM EST: Microsoft updated its advisory and announced an auto-update, by September 22, 2021, for its PaaS service offerings that use vulnerable VM extensions. Microsoft also clarified which instances will still require manual patching; see the advisory for details.

From the Wiz.io blog: researchers recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.

From the looks of it, customers who set up Linux VMs (virtual machines) in their Azure cloud accounts unknowingly have the OMI agent installed automatically when certain Azure services are enabled. Unless a patch is applied, attackers can easily exploit four vulnerabilities to escalate to root privileges and remotely execute malicious code.

For more details on this exploit, please visit Wiz.io.

A benevolent block producer crew based in Detroit, MI building value on blockchain networks. Planting new seeds of economic opportunity.

Detroit Ledger Technologies
