Economy
Security researchers at Wiz discover another major Azure vulnerability
Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure.
The new vulnerability impacts Linux virtual machines on Azure. They end up with a little-known service called OMI installed as a byproduct of enabling any of several logging reporting and/or management options in Azure’s UI.
At its worst, the vulnerability in OMI could be leveraged into remote root code execution—although thankfully, Azure’s on-by-default, outside-the-VM firewall will limit it to most customers’ internal networks only.