“Secret” Agent Exposes Azure Customers To Unauthorized Code Executions

Update September 18, 08:00AM EST — Microsoft updated its advisory and declared an auto-update for their PaaS service offerings that use vulnerable VM extensions by September 22, 2021. Microsoft also clarified which instances will still require manual patching, see details.

This out of the Wiz.io blog, researchers recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.

From the looks of it, customers that set up Linux VMs (virtual machines) in their Azure cloud accounts unknowingly have the OMI agent installed automatically — when certain Azure services are enabled. Unless a patch is applied, attackers can easily exploit four vulnerabilities to escalate to root privileges and remotely execute malicious code.

For more information on this exploit please visit Wiz.io for more details.