Major Azure vulnerability discovered by security researchers at Wiz

Cloud security vendor Wiz, who also found a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service recently, has found another security vulnerability in Azure that impacts Linux virtual machines. Users could end up with a little-known service called OMI installed as a byproduct of enabling any of several logging reporting and/or management options in Azure’s UI.

In the worst case scenario, the vulnerability in OMI could be used for remote root code execution— though in many cases, Azure’s on-by-default, outside-the-VM firewall will limit it to most customers’ internal networks only.


We asked security experts to comment on the vulnerability and provide advice:


Trevor Morgan, product manager at comforte AG said:
“The report that Wiz has discovered a vulnerability in Azure, which in the worst-case scenario has the potential to execute root-level code but is mostly mitigated by Azure’s on-by-default outside-the-VM firewall, should encourage every organisation to confront a simple fact about cloud security: you need to go far beyond basic perimeter-based security when pushing workflows and more importantly sensitive data into your public cloud environments. Vulnerabilities are always hiding somewhere in the perimeters around cloud-based data, just waiting to be discovered and exploited, so your defensive posture should focus on protecting the data itself. Data-centric security such as tokenisation and format-preserving encryption can replace sensitive data elements with benign representational tokens, so even if perimeter breaches or vulnerabilities lead to the wrong people getting hands on your enterprise data in the cloud, sensitive information still remains fully protected and cannot be leveraged for financial gain by threat actors. Remember that the regulators won’t hold your cloud provider responsible in the instance that peoples’ sensitive data is exposed. They will be looking toward you and your organisation to ..

Support the originator by clicking the read the rest link below.