Microsoft patched four Open Management Infrastructure flaws earlier this week.
Attackers have begun to exploit critical Microsoft Azure vulnerabilities that were disclosed and patched earlier this week, security researchers report.
The OMIGOD flaws, discovered by the Wiz Research Team, exist in Open Management Infrastructure (OMI), a widely used but little-known software agent embedded in a range of popular Azure services. They include remote code execution flaw CVE-2021-38647 and privilege escalation vulnerabilities CVE-2021-38648, CVE-2021-38645, and CVE-2021-38649.
New data indicates attackers are scanning the Web for Azure Linux virtual machines that are vulnerable to CVE-2021-38647. The finding was first spotted by security researcher Germán Fernández on Thursday evening. Security firms Bad Packets and GreyNoise later confirmed the activity. And as Fernández pointed out, a Mirai botnet operator is among those scanning.
An unauthenticated, remote attacker could exploit CVE-2021-38647 by sending a specially crafted request to a vulnerable target over a publicly accessible remote management port (5986, 5985, or 1270). If successful, an attacker could become root on a remote machine.
As part of the ongoing Mirai activity, attackers drop a version of the Mirai DDoS botnet and then close port 5896 from the Internet to stop others from exploiting the same box, as security researcher Kevin Beaumont wrote on Twitter. He also reported one of his test boxes was targeted by attackers who deployed a cryptominer.
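A host-side check for the exposure described above, as an added example that is not part of the original article: it reads `ss -Hltn` output and reports listeners on the three management ports named in the article that are bound to a non-loopback address. The function name and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag OMI management listeners that other hosts could reach.
# The port list comes from the article; everything else is illustrative.

OMI_PORTS="5985 5986 1270"

# Reads `ss -Hltn` output on stdin and prints "address port" for every
# listening TCP socket on an OMI port that is not bound to loopback.
# A hit means the socket accepts non-local connections; a firewall or
# network security group in front of the VM may still block it.
exposed_omi_listeners() {
    awk -v ports="$OMI_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "LISTEN" {
            local_ep = $4                   # e.g. 0.0.0.0:5986 or [::]:5986
            port = local_ep
            sub(/.*:/, "", port)            # keep text after the last colon
            addr = local_ep
            sub(/:[^:]*$/, "", addr)        # drop the trailing :port
            gsub(/[][]/, "", addr)          # drop IPv6 brackets
            sub(/%.*/, "", addr)            # drop interface scope (%lo)
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1") next
            print addr, port
        }'
}

# Constructed sample of `ss -Hltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:5986 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5985 0.0.0.0:*
LISTEN 0 128 [::]:1270 [::]:*
LISTEN 0 128 [::1]:5985 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | exposed_omi_listeners

# On a live Linux VM, feed it real data instead:
#   ss -Hltn | exposed_omi_listeners
```
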