It wasn’t too long ago that hackers exploited Azure’s vulnerabilities. Now, cybersecurity firm Wiz has discovered four new vulnerabilities that affect thousands of Azure customers. This is not Wiz’s first time spotting a vulnerability in Azure.
In August 2021, the security firm reported a Cosmos DB flaw in the Microsoft cloud that allowed attackers to download and edit the data, and the architecture, of a targeted database instance. Following the report, Microsoft fixed the Cosmos DB gap immediately.
The latest discovery sheds light on four flaws in an open-source software component used by Azure. The vulnerabilities are reachable through Azure tools including Automation, Operations Management Suite, Diagnostics, and Log Analytics. Wiz also stated that, despite the disclosure, Microsoft had not yet fully fixed the vulnerabilities.
The affected component, Open Management Infrastructure (OMI), is an agent that runs in the background. It is deployed behind the scenes when users create a Linux virtual machine in Azure and connect it to those Azure services.
Wiz, which nicknamed the vulnerabilities OMIGOD, stated that attackers could easily exploit the flaws to gain root privileges. The picture only worsens, as Wiz found that attackers could use that access for ransomware and various other unwanted actions.
“We conservatively estimate that thousands of Azure customers and millions of endpoints are affected,” stated Wiz. “In a small sample of Azure tenants we analyzed, over 65% were unknowingly at risk.”
Microsoft declined to comment on these gaps. Microsoft did, however, acknowledge the issue to some extent. A company employee posted on GitHub that “the team is aware of the vulnerability in the OMI dependency, we are currently generating a release using the fixed OMI version and will publish the release once verified.”
The company released a patched OMI, but Wiz affirmed that the patched version alone did not close the gaps on affected machines. Later, Microsoft announced certified updates for the Azure extensions that bundle OMI.
The extension updates, some of which require manual installation, do not fully plug the gaps. Adding to the confusion, Microsoft has so far not addressed the Azure Stack Hub vulnerability, as that product has not yet received any update.
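Because OMI is installed by extensions rather than by the user, the first question for a defender is simply whether the agent is present on a given Linux host and which version is running. The following is an added example, not code from the article, from Wiz or from Microsoft: it reports the installed OMI version and compares it against a minimum fixed version that the operator supplies from the vendor advisory (the article gives no version number, so none is hard-coded). It assumes the agent's usual package name "omi" and binary path /opt/omi/bin/omiserver, and that "omiserver -v" prints a line ending in the version.

```shell
#!/bin/sh
# Added example (not from the article, Wiz, or Microsoft): report whether the
# OMI agent is present on this Linux host and whether its version is at or
# above a minimum fixed version supplied by the operator. The package name
# "omi" and the path /opt/omi/bin/omiserver are the agent's usual locations
# (assumption); the article gives no fixed version number, so none is hard-coded.

# version_ge A B: succeed (exit 0) if dotted version A >= B.
# Anything from the first non-digit/non-dot character on (e.g. a "-1"
# package release suffix) is ignored; missing components count as 0.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while :; do
        # Trailing dot so that cut yields "" (not the whole string) past the end.
        pa=$(printf '%s.' "$a" | cut -d. -f"$i")
        pb=$(printf '%s.' "$b" | cut -d. -f"$i")
        [ -z "$pa" ] && [ -z "$pb" ] && return 0   # all components equal
        pa=${pa:-0}
        pb=${pb:-0}
        [ "$pa" -gt "$pb" ] && return 0
        [ "$pa" -lt "$pb" ] && return 1
        i=$((i + 1))
    done
}

# installed_omi_version: print the installed OMI version, or nothing if absent.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f '${Version}' omi 2>/dev/null) && { printf '%s\n' "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' omi 2>/dev/null) && { printf '%s\n' "$v"; return 0; }
    fi
    # Fallback: ask the server binary itself (assumption: "omiserver -v"
    # prints a line ending in the version, e.g. "...: 1.2.3-4").
    if [ -x /opt/omi/bin/omiserver ]; then
        /opt/omi/bin/omiserver -v 2>/dev/null | sed 's/.*[: ]//'
    fi
    return 0
}

# omi_status INSTALLED MIN: classify as not-installed / vulnerable / patched.
omi_status() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif version_ge "$1" "$2"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Usage: sh omi_check.sh MIN_FIXED_VERSION   (take the version from the vendor advisory)
if [ "$#" -ge 1 ]; then
    ver=$(installed_omi_version)
    printf '%s omi=%s status=%s\n' "$(uname -n)" "${ver:-none}" "$(omi_status "$ver" "$1")"
fi
```

Run it across a fleet with the fixed version from the advisory as the argument; a host reporting "vulnerable" still carries the old agent even if its Azure extension claims to be current, which is exactly the situation the article describes with the partial extension updates.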
The Extent of the OMIGOD Vulnerabilities
The year hasn’t been exceptionally bright for Microsoft. Although the year isn’t even complete yet, it has been a rough one for the company, as many gaping holes were discovered in its products. From Azure Cosmos DB to Exchange, several Microsoft products were found to be vulnerable.
Although most of these vulnerabilities center on Azure, OMIGOD also affected Microsoft customers outside Azure, because OMI was installed on their Linux infrastructure without the users’ knowledge. Often these Linux machines are on-premises installations.
What widened the scope for damage is that OMI is an open-source project with Microsoft’s backing. Because the tool works with UNIX, Linux, and Windows computers, OMI is widely used.
“Because Azure provides virtually no public documentation about OMI, most customers have never heard of it and are unaware that this attack surface exists in their environment,” stated the post.
Nir Ohfeld, a Wiz security researcher, said that one disadvantage of open-source software is that the source code is visible to everyone: while well-meaning researchers can spot weak portions of the code, attackers can exploit the same weaknesses. In addition, because demand for open-source applications is high, they are integrated into many other applications and products, which widens the scope of damage.
He also emphasized the need for transparency, saying that vendors need to be forthcoming about what is embedded in their tools. Users should also reconsider the costs and benefits of adopting cloud tools, as those tools may expose them to greater risk.
“You can configure your machine so good, enable all of Azure’s security measures, but those security measures are exactly the ones that installed the vulnerable agent,” Nir said.