Tech

Security researchers at Wiz discover another major Azure vulnerability

Storm clouds have been photoshopped to bring lightning down on computer components.

Enlarge / This isn’t how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML. (credit: Aurich Lawson | Getty Images)

Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure.

The new vulnerability impacts Linux virtual machines on Azure. They end up with a little-known service called OMI installed as a byproduct of enabling any of several logging reporting and/or management options in Azure’s UI.

At its worst, the vulnerability in OMI could be leveraged into remote root code execution—although thankfully, Azure’s on-by-default, outside-the-VM firewall will limit it to most customers’ internal networks only.

Read 26 remaining paragraphs | Comments