{"id":3167,"date":"2021-09-16T13:16:58","date_gmt":"2021-09-16T07:46:58","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3167"},"modified":"2021-09-16T13:17:00","modified_gmt":"2021-09-16T07:47:00","slug":"microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/","title":{"rendered":"Microsoft Fixes Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App"},"content":{"rendered":"\n<p>Microsoft has tracked four critical vulnerabilities, collectively called OMIGOD, which were discovered in the Open Management Infrastructure (OMI) software agent quietly installed on Azure Linux machines, which account for more than half of Azure instances.<\/p>\n\n\n\n<p>OMI is a software service for IT management with support for most UNIX systems and modern Linux platforms, utilized by multiple Azure services, including Open Management Suite (OMS), Azure Insights, and Azure Automation.<\/p>\n\n\n\n<p>All these vulnerabilities were discovered by Nir Ohfeld and Shir Tamari, researchers at cloud security firm Wiz, who named them OMIGOD. 
\u201cMistakenly, this \u2018secret\u2019 agent is both broadly utilized (because it is open source) and completely unseen to the customers as its management with Azure is completely undocumented.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Millions of Endpoints Are Exposed to Attacks<\/strong><\/h2>\n\n\n\n<p>The investigators \u201csecretly conclude\u201d that thousands of Azure customers and millions of endpoints are affected by the following security flaws:<\/p>\n\n\n\n<ul><li>CVE-2021-38647 \u2013 Unauthenticated RCE as root (Severity: 9.8\/10)<\/li><li>CVE-2021-38648 \u2013 Privilege Escalation vulnerability (Severity: 7.8\/10)<\/li><li>CVE-2021-38645 \u2013 Privilege Escalation vulnerability (Severity: 7.8\/10)<\/li><li>CVE-2021-38649 \u2013 Privilege Escalation vulnerability (Severity: 7.0\/10)<\/li><\/ul>\n\n\n\n<p>All Azure customers with Linux machines running one of the following tools or services are at risk:<\/p>\n\n\n\n<ul><li>Azure Automation<\/li><li>Azure Automatic Update<\/li><li>Azure Operations Management Suite (OMS)<\/li><li>Azure Log Analytics<\/li><li>Azure Configuration Management<\/li><li>Azure Diagnostics<\/li><\/ul>\n\n\n\n<p>\u201cWhen users allow any of these popular services, OMI is silently installed on their Virtual Machine, functioning at the highest rights possible.\u201d This happens without customers\u2019 explicit consent or knowledge. 
The user simply clicks to agree to log collection during setup and has unknowingly opted in.<\/p>\n\n\n\n<p>Other Microsoft customers are also affected by the OMIGOD bugs, given that the OMI agent can also be manually installed on-premises, as it is built into System Center for Linux, which is Microsoft\u2019s server management tool.<\/p>\n\n\n\n<p>\u201cThis is a textbook RCE vulnerability that you would expect to see in the 90\u2019s \u2014 it\u2019s highly unusual to have one crop up in 2021 that can reveal millions of endpoints.\u201d \u201cWith a single packet, a threat actor can become root on a remote machine by simply removing the authentication header. It\u2019s that simple.\u201d<\/p>\n\n\n\n<p>\u201cThis vulnerability can be also utilized by the threat actors to obtain the primary access to a target Azure environment and then move laterally within it.\u201d<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"400\" height=\"460\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Microsoft-Fixes-a-Critical-Bugs-OMIGOD-in-Azure-Linux-App-image1.png\" alt=\"Microsoft-Fixes-a-Critical-Bugs-OMIGOD-in-Azure-Linux-App-image1\" class=\"wp-image-3170\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Microsoft-Fixes-a-Critical-Bugs-OMIGOD-in-Azure-Linux-App-image1.png 400w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Microsoft-Fixes-a-Critical-Bugs-OMIGOD-in-Azure-Linux-App-image1-261x300.png 261w\" sizes=\"(max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to Protect Your Azure Linux Endpoints?<\/strong><\/h2>\n\n\n\n<p>Microsoft released a patched OMI version (1.6.8.1). Additionally, Microsoft recommends that customers manually update OMI. 
If you have OMI listening on ports 5985, 5986, or 1270, we suggest limiting network access to those ports immediately to protect against the RCE vulnerability (CVE-2021-38647).<\/p>\n\n\n\n<p>Although Microsoft introduced an Enhanced Security Commit on August 11, 2021, effectively revealing all the details a threat actor required to develop an exploit, the organization only released a patched OMI software agent version on September 8 and only assigned CVEs one week later, as part of this month\u2019s Patch Tuesday.<\/p>\n\n\n\n<p>To make things worse, there is no auto-update mechanism Microsoft can use to update the vulnerable agents on all the Azure Linux machines, which means that users have to upgrade it manually to protect endpoints from any incoming attacks using OMIGOD exploits.<\/p>\n\n\n\n<p>To manually update the OMI agent, follow these steps:<\/p>\n\n\n\n<ul><li>Add the MSRepo to your system. Based on the Linux OS that you are using, refer to this link to install the MSRepo to your system: Linux Software Repository for Microsoft Products | Microsoft Docs<\/li><li>You can then use your platform\u2019s package tool to upgrade OMI (for example, sudo apt-get install omi or sudo yum install omi).<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has tracked four critical vulnerabilities, collectively called OMIGOD, which were discovered in the Open Management Infrastructure (OMI) software agent quietly installed on Azure Linux machines, which account for more than half of Azure instances. 
OMI is a software service for IT management with support for most UNIX systems and modern Linux platforms, utilized by [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3169,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Microsoft has tracked four critical vulnerabilities collectively called OMIGOD which are discovered in the Open Management Infrastructure (OMI) software agent quietly installed on Azure Linux machines computing for more than half of the Azure precedents. 
OMI is a software service for IT management with support for most UNIX systems and modern Linux platforms, utilized by [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-16T07:46:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-16T07:47:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Microsoft-Fixes-a-Critical-Bugs-OMIGOD-in-Azure-Linux-App-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App\",\"datePublished\":\"2021-09-16T07:46:58+00:00\",\"dateModified\":\"2021-09-16T07:47:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/\"},\"wordCount\":595,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/\",\"url\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/\",\"name\":\"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App - Xiarch Solutions Private 
Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-09-16T07:46:58+00:00\",\"dateModified\":\"2021-09-16T07:47:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App - Xiarch Solutions Private Limited","og_description":"Microsoft has tracked four critical vulnerabilities collectively called OMIGOD which are discovered in the Open Management Infrastructure (OMI) software agent quietly installed on Azure Linux machines computing for more than half of the Azure precedents. OMI is a software service for IT management with support for most UNIX systems and modern Linux platforms, utilized by [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-09-16T07:46:58+00:00","article_modified_time":"2021-09-16T07:47:00+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Microsoft-Fixes-a-Critical-Bugs-OMIGOD-in-Azure-Linux-App-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App","datePublished":"2021-09-16T07:46:58+00:00","dateModified":"2021-09-16T07:47:00+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/"},"wordCount":595,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/","url":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/","name":"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App - Xiarch Solutions Private 
Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-09-16T07:46:58+00:00","dateModified":"2021-09-16T07:47:00+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-a-critical-bugs-omigod-in-azure-linux-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft Fixes a Critical Bugs \u2018OMIGOD\u2019 in Azure Linux App"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3167"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3167"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3167\/revisions"}],"predecessor-version":[{"id":3171,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3167\/revisions\/3171"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3169"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}