Security researchers at Wiz discover another major Azure vulnerability

by
Jim Salter
from Ars Technica - All content on (#5PH96)
data-center-cloud-lightning-ohmigod-800x

Enlarge / This isn't how the OMIGOD vulnerability works, of course-but lightning is much more photogenic than maliciously crafted XML. (credit: Aurich Lawson | Getty Images)

Cloud security vendor Wiz-which recently made news by discovering a massive vulnerability in Microsoft Azure's CosmosDB-managed database service-has found another hole in Azure.

The new vulnerability impacts Linux virtual machines on Azure. They end up with a little-known service called OMI installed as a byproduct of enabling any of several logging reporting and/or management options in Azure's UI.

At its worst, the vulnerability in OMI could be leveraged into remote root code execution-although thankfully, Azure's on-by-default, outside-the-VM firewall will limit it to most customers' internal networks only.

Read 26 remaining paragraphs | Comments

index?i=29dOAlUVhAk:FZAVqsF2e5k:V_sGLiPB index?i=29dOAlUVhAk:FZAVqsF2e5k:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments