Security News

Microsoft Azure users running Linux VMs in the company's Azure cloud need to take action to protect themselves against the four "OMIGOD" bugs in the Open Management Infrastructure framework, because Microsoft hasn't raced to do it for them. As The Register outlined in our report on this month's Patch Tuesday release, Microsoft included fixes for flaws security outfit Wiz spotted in OMI. Wiz named the four flaws "OMIGOD" because they are jaw-droppers.

Four Microsoft zero-day vulnerabilities in the Azure cloud platform's Open Management Infrastructure - a software that many don't know is embedded in a host of services - show that OMI represents a significant security blind spot, researchers said. Though Microsoft patched them this week in its monthly Patch Tuesday raft of updates, their presence in OMI highlights the risk for the supply chain when companies unknowingly run code - particularly open-source code - on their systems that allows for exploitation, researchers said.

Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure software agent silently installed on Azure Linux machines accounting for more than half of Azure instances. OMI is a software service for IT management with support for most UNIX systems and modern Linux platforms, used by multiple Azure services, including Open Management Suite, Azure Insights, Azure Automation.

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances services that could have been exploited by a malicious actor "To access other customers' information" in what the researcher described as the "First cross-account container takeover in the public cloud." Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators.

Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.An adversary exploiting Azurescape could execute commands in the other users' containers and gain access to all their data deployed to the platform, the researchers say.

Microsoft today revealed it fixed a vulnerability in its Azure Container Instances services that could have been exploited by a malicious user "To access other customers' information." Azure Container Instances is a serverless container environment.

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without authorization. To mitigate the risk and block attackers who might've stolen your Cosmos DB primary read-write keys before the vulnerable feature was disabled, Microsoft advises regenerating the Cosmos DB keys.

A critical security vulnerability in Microsoft's Azure cloud database platform - Cosmos DB - could have allowed full remote takeover of accounts, with admin rights to read, write and delete any information to a database instance. "Azure Cosmos DB built-in Jupyter Notebooks are directly integrated into the Azure portal and your Azure Cosmos DB accounts, making them convenient and easy to use," according to Microsoft's documentation.

On Thursday, the company sent warnings to "Thousands" of its cloud computing customers, explaining that "Intruders" could have access to their databases, according to Reuters. On Thursday, Microsoft alerted cloud customers that uninvited guests could have access to their databases, according to Reuters.

Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization. "Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key," the company told customers.