Researchers have found that threat actors exploit Azure OMIGOD, a group of four vulnerabilities in the Open Management Infrastructure (OMI) that provide scope for privilege escalation and remote code execution.
Wiz researchers who first discovered the bugs noted that they may affect thousands of Azure customers and millions of endpoints.
The first attacks were discovered by security researchers, who showed that a Mirai botnet was behind some of the exploit attempts against Azure Linux OMI endpoints, which are vulnerable to CVE-2021-38647 RCE exploits.
In analyzing the botnet, digital forensics company Cado Security noted that it “also closes the ports of the vulnerabilities it exploited to stop other botnets taking over the system.”
Among the steps customers should take to mitigate the risk, Microsoft said: “While updates are being rolled out using safe deployment practices, customers can protect against the RCE vulnerability by ensuring VMs are deployed within a Network Security Group (NSG) or behind a perimeter firewall and restrict access to Linux systems that expose the OMI ports (TCP 5985, 5986, and 1207).”
For more information, read the original story in Bleeping Computer.