OMIGOD, Microsoft's secret agent that compromises Linux
Microsoft just can't seem to get it right.
From: https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
"When customers set up a Linux virtual machine in their cloud, the OMI agent is automatically deployed without their knowledge when they enable certain Azure services. Unless a patch is applied, attackers can easily exploit these four vulnerabilities to escalate to root privileges and remotely execute malicious code (for instance, encrypting files for ransom)."
Today Microsoft issued the following CVEs for OMIGOD and made a patch available to customers during their Patch Tuesday release:
CVE-2021-38647 – Unauthenticated RCE as root (Severity: 9.8)
CVE-2021-38648 – Privilege Escalation vulnerability (Severity: 7.8)
CVE-2021-38645 – Privilege Escalation vulnerability (Severity: 7.8)
CVE-2021-38649 – Privilege Escalation vulnerability (Severity: 7.0)