fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Fixes Critical Bugs in Secretly Installed Azure Linux App

Microsoft Fixes Critical Bugs in Secretly Installed Azure Linux App

Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure (OMI) software agent silently installed on Azure Linux machines accounting for more than half of Azure instances.

OMI is a software service for IT management with support for most UNIX systems and modern Linux platforms, used by multiple Azure services, including Open Management Suite (OMS), Azure InsightsAzure Automation.

These vulnerabilities were found by cloud security firm Wiz researchers Nir Ohfeld and Shir Tamari, who dubbed them OMIGOD.

“Problematically, this ‘secret’ agent is both widely used (because it is open source) and completely invisible to customers as its usage within Azure is completely undocumented,” Ohfeld said.

Millions of endpoints exposed to attacks

The researchers “conservatively estimate” that thousands of Azure customers and millions of endpoints are impacted by these security flaws:

  • CVE-2021-38647 – Unauthenticated RCE as root (Severity: 9.8/10)
  • CVE-2021-38648 – Privilege Escalation vulnerability (Severity: 7.8/10)
  • CVE-2021-38645 – Privilege Escalation vulnerability (Severity: 7.8/10)
  • CVE-2021-38649 – Privilege Escalation vulnerability (Severity: 7.0/10)

All Azure customers with Linux machines running one of the following tools or services are at risk:

  • Azure Automation
  • Azure Automatic Update
  • Azure Operations Management Suite (OMS)
  • Azure Log Analytics
  • Azure Configuration Management
  • Azure Diagnostics

“When users enable any of these popular services, OMI is silently installed on their Virtual Machine, running at the highest privileges possible,” Ohfeld added. “This happens without customers’ explicit consent or knowledge. Users simply click agree to log collection during set-up and they have unknowingly opted in.”

Other Microsoft customers are also impacted by the OMIGOD flaws, given that the OMI agent can also be manually installed on-premise as it is built in the System Center for Linux, which is Microsoft’s server management tool.

Also Read: Vulnerability Management For Cybersecurity Dummies

“This is a textbook RCE vulnerability that you would expect to see in the 90’s – it’s highly unusual to have one crop up in 2021 that can expose millions of endpoints,” Ohfeld added regarding the CVE-2021-38647 RCE bug. 

“With a single packet, an attacker can become root on a remote machine by simply removing the authentication header. It’s that simple.

“[T]his vulnerability can be also used by attackers to obtain initial access to a target Azure environment and then move laterally within it.”

How to secure your Azure Linux endpoint

“Microsoft released a patched OMI version (1.6.8.1). In addition, Microsoft advised customers to manually OMI, see the suggested steps by Microsoft here,” Wiz security researcher Nir Ohfeld said.

“If you have OMI listening on ports 5985, 5986, 1270 we advise limiting network access to those ports immediately in order to protect from the RCE vulnerability (CVE-2021-38647).”

Even though Microsoft introduced a Enhanced Security commit on August 11, 2021, effectively exposing all the details threat actors needed to develop an exploit, the company only released a patched OMI software agent version on September 8 and only assigned CVEs one week later, as part of this month’s Patch Tuesday. 

Also Read: Compliance With Singapore Privacy Obligations; Made Easier!

To make things worse, there is no auto-update mechanism Microsoft can use to update the vulnerable agents on all Azure Linux machines, which means that customers have to upgrade it manually to secure endpoints from any incoming attacks using OMIGOD exploits.

To manually update the OMI agent, you have to:

  • Add the MSRepo to your system. Based on the Linux OS that you are using, refer to this link to install the MSRepo to your system: Linux Software Repository for Microsoft Products | Microsoft Docs
  • You can then use your platform’s package tool to upgrade OMI (for example, sudo apt-get install omi or sudo yum install omi).

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us