OMIGOD do these Four Patches Now, says Microsoft


Staff member
Malware Hunter
Jul 27, 2015
Microsoft is advising users running Linux virtual machines in Azure to patch four vulnerabilities in Open Management Infrastructure (OMI), an open-source management agent. The most serious of the four allows unauthenticated remote code execution against hosts whose OMI management port is reachable over the network; the others can be exploited by a local user to gain root.

Created by Microsoft and donated to the Open Group in 2012, OMI lets users manage configurations across remote and local environments. While it is technically no longer under Microsoft ownership, the Redmond-headquartered company uses OMI behind the scenes as a “building block” in its virtual machine tooling. As a result, many services, including Azure Log Analytics, Azure Diagnostics, Azure Automation and Azure Security Center, are affected. The vulnerabilities were discovered by researchers at cloud security vendor Wiz, the same team that recently found a separate vulnerability in Microsoft's flagship Azure database product, Cosmos DB. They described the bugs as “very easy to exploit” and dubbed them “OMIGOD”.

While OMI is not a well-known product, it is ubiquitous because it is pulled in as a dependency when users enable log collection and similar Azure extensions, often without the user ever seeing its name. Wiz looked at a sample of Azure customers running Linux and found that over 65% were exposed to the OMI vulnerabilities. “This is a textbook RCE vulnerability that you would expect to see in the 90’s – it’s highly unusual to have one crop up in 2021 that can expose millions of endpoints,” the Wiz researchers wrote.
“This OMI service is a standard service that gets deployed as Microsoft’s Azure/Linux infrastructure building blocks,” Tom Van de Wiele, a security researcher at F-Secure, explained to Verdict. “That means [Microsoft] has patched it once it was reported to it, but of course deployments that were already in production before the change might still be running the vulnerable version and will require a manual update or reinstall with the newer patched versions.” In other words: “This is not something you can have Microsoft automatically fix for you, you need to manually get to a newer and patched version.”

This could prove problematic for organisations, as many are unaware that OMI is installed at all. The practical check is therefore not “did we deploy OMI?” but “does the omi package exist on each Linux host, what version is it, and is its management port listening?” Patched OMI builds were posted to the project's GitHub repository in August.
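The following script is an added example, not code from the article, from Wiz or from the OMI project. It performs the triage the passage above calls for on a single Linux host: find the omi package (deb or rpm), compare its version with the first patched build, and check whether OMI's remote-management ports are listening, which is what separates a remotely exploitable host from one that is only exposed to local users. Two values are assumptions the reader should confirm against Microsoft's advisory before relying on the output: the first fixed package version is taken to be 1.6.8-1, and OMI's remote management is taken to listen on TCP 5985/5986. Passing a version string as the first argument bypasses the package lookup so the comparison logic can be exercised on any machine.

```shell
#!/bin/sh
# Added check for the OMIGOD advisory; not the article's, Wiz's or OMI's code.
# Assumptions (confirm against Microsoft's advisory): first fixed build is
# 1.6.8-1, and OMI remote management listens on TCP 5985/5986.

OMI_FIXED_VERSION="1.6.8-1"

# omi_version_ge A B: exit 0 when package version A is at least version B.
# Fields are split on "." and "-" and compared numerically (1.6.8-1 -> 1 6 8 1),
# so 1.10.0-1 ranks above 1.6.8-1 where a plain string compare would not.
omi_version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.-]"); nb = split(b, y, "[.-]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            fa = (i <= na) ? x[i] + 0 : 0
            fb = (i <= nb) ? y[i] + 0 : 0
            if (fa > fb) exit 0
            if (fa < fb) exit 1
        }
        exit 0
    }'
}

# Print the installed omi package version (Debian or RPM based), or nothing
# when no such package exists. Looking for the package, rather than for the
# Azure extension that pulled it in, is what catches the "unaware" case.
omi_installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}' omi 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q omi >/dev/null 2>&1 && rpm -q --qf '%{VERSION}-%{RELEASE}' omi
    fi
}

# Print any local TCP listeners on the assumed OMI remote-management ports.
# Column 4 of ss/netstat output is the local address:port.
omi_listening_ports() {
    { ss -ltn 2>/dev/null || netstat -ltn 2>/dev/null; } |
        awk '$4 ~ /:(5985|5986)$/ { print $4 }'
}

# omi_assess [VERSION]: print a verdict; exit 0 when OMI is absent or patched,
# 1 when an unpatched build is present. VERSION overrides the package lookup.
omi_assess() {
    ver="${1:-$(omi_installed_version)}"
    if [ -z "$ver" ]; then
        echo "omi: not installed"
        return 0
    fi
    if omi_version_ge "$ver" "$OMI_FIXED_VERSION"; then
        echo "omi $ver: patched (>= $OMI_FIXED_VERSION)"
        return 0
    fi
    ports=$(omi_listening_ports)
    if [ -n "$ports" ]; then
        echo "omi $ver: UNPATCHED and reachable over the network on: $ports"
    else
        echo "omi $ver: UNPATCHED; no remote listener found, but local users can still abuse it"
    fi
    return 1
}

omi_assess "$@"
```

Run it as root across the fleet (for example through Azure Run Command or your configuration management tool) and treat any non-zero exit as a host that still needs the manual update the article describes. A host that reports "no remote listener found" is not safe to leave alone: it is only protected from the network-facing bug, not from the local ones.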