1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Azure users running Linux VMs should update their systems right a

    From TechnologyDaily@1337:1/100 to All on Wed Sep 15 14:00:04 2021
    Azure users running Linux VMs should update their systems right away

    Date:
    Wed, 15 Sep 2021 12:40:46 +0000

    Description:
    Researchers find four zero-days in an open source component thats silently rolled inside Linux VMs in Azure.

    FULL STORY ======================================================================

    Four zero-day vulnerabilities in an open source piece of software thats embedded in many popular Azure services can be exploited for privilege escalation and remote code execution attacks, report cybersecurity researchers.

    The vulnerabilities in the software agent named Open Management
    Infrastructure (OMI) were discovered by researchers at Wiz , who estimate
    that they affect thousands of Azure customers, across millions of endpoints.

    The OMI agent is automatically deployed inside Linux virtual machines ( VM ) when users enable certain Azure services, the researchers point out.
    TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << Check out our list of
    the best cloud computing services right now These are the best cloud hosting services on the market Here's our list of the best small business servers available

    One of the biggest challenges in preventing [cyberattacks] is that our
    digital supply chain is not transparent. If you dont know whats hidden in the services and products you use every day, how can you manage the risk? argue the researchers. Software supply chain blind spot

    The vulnerabilities affect Azure customers on Linux machines, which,
    according to some estimates , make up a sizable number of all Azure
    instances.

    These users put their VMs at risk when they use certain Azure services such
    as Azure Automation, Azure Automatic Update, Azure Log Analytics, Azure Configuration Management, and others.

    In fact, Wiz researchers note that analyzing a small sample of Azure tenants revealed that over 65% were at risk of the vulnerabilities, colourfully named OMIGOD which was the researchers first reaction when they discovered them.

    In addition to Azure cloud customers, other Microsoft customers are affected since OMI can be independently installed on any Linux machine and is frequently used on-premise, the researchers add.

    The good news is that Microsoft has shipped fixes for the issues as part of the September Patch Tuesday bundle, and Wiz urges all Azure users to ensure they are running patched versions of the OMI. Weve also rounded up the best web hosting services



    ======================================================================
    Link to news story: https://www.techradar.com/news/azure-users-running-linux-vms-should-update-the ir-systems-right-away/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)