A set of four vulnerabilities in the Open Management Infrastructure software agent has left Microsoft Azure customers running Linux virtual machines exposed to remote code execution and privilege escalation.
The flaws were disclosed Tuesday by cloud security vendor Wiz, which previously disclosed the ChaosDB Azure vulnerability last month. At the center is Open Management Infrastructure (OMI), an open source project sponsored by Microsoft that Wiz researcher Nir Ohfeld described in a blog post as essentially "Windows Management Infrastructure (WMI) for Unix/Linux systems."
Linux reportedly made up over half of Azure instances as of 2019, and Wiz's post explained that customers running Linux VMs are vulnerable if they use any of a list of Azure tools and services built on OMI, several of them common. Examples include Azure Automation, Azure Automatic Update and Azure Log Analytics. Ohfeld said the OMI agent is installed automatically on Linux virtual machines in Azure, without the customer's knowledge, when those services are enabled.
"Because customers don't know what franken-code is running in the background of the services they use, they remain at risk and unaware," he said.
Specifically, customers are exposed to four vulnerabilities: three high-severity privilege escalation flaws (CVE-2021-38648, CVE-2021-38645 and CVE-2021-38649) and one critical remote code execution flaw, CVE-2021-38647, which carries a CVSS score of 9.8. Wiz calls the set "OMIGOD," a play on the agent's name.
Microsoft patched the four vulnerabilities in this month's Patch Tuesday release, though the fixes are not applied automatically for Azure customers. Microsoft's advisory for the most severe flaw, CVE-2021-38647, states that an attacker could exploit it by sending "a specially crafted message via HTTPS to port listening to OMI on a vulnerable system."
Ohfeld explained in the Wiz post that, because the agent runs as root, these vulnerabilities let remote or low-privileged users execute code with root privileges.
"The OMI agent runs as root with the highest privileges," he wrote. "Any user can communicate with it using a Unix socket or via an HTTP API when configured to allow external access. As a result, the vulnerabilities we found would allow external users or low-privileged users to remotely execute code on target machines or escalate privileges."
Microsoft said the fix for the vulnerabilities was made available on Aug. 11. However, Wiz CTO Ami Luttwak tweeted Wednesday morning that Azure services still had not been patched. Researcher Kevin Beaumont tweeted similarly, claiming that Azure still deploys vulnerable versions of the OMI agent to newly created Linux VMs.
It appears that Azure customers will need to update their OMI software manually. Microsoft's security update guide for the flaws offered mitigation steps for customers: add the Microsoft repository that carries OMI to the system and upgrade the package with the distribution's package manager.
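The following triage script is an added example written for this article; it is not code from Wiz, Microsoft or the OMI project. It checks whether the OMI package on a Linux VM predates the fixed release and whether the agent is exposing a network listener rather than only its local Unix socket. Two inputs are assumptions that the article itself does not state: the patched OMI release is taken to be 1.6.8.1 (the version Microsoft's guidance points customers to), and the listener ports checked (5985, 5986 and 1270) are the ones Wiz named for OMI's HTTP/HTTPS API. The `ss` output embedded in `SAMPLE_SS` is constructed for the example so the listener filter can be exercised offline.

```shell
#!/bin/sh
# Added example (not from Wiz, Microsoft or the OMI project): triage a Linux VM
# for a pre-fix OMI agent and for OMI network listeners.
#
# ASSUMPTIONS: the package is named "omi"; 1.6.8.1 is the first fixed release;
# 5985/5986/1270 are the ports OMI's HTTP(S) API listens on when enabled.

FIXED_OMI_VERSION="1.6.8.1"

# Constructed `ss -tlnp` output used for the offline demonstration below.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:25 0.0.0.0:* users:(("master",pid=900,fd=13))
LISTEN 0 128 0.0.0.0:5986 0.0.0.0:* users:(("omiserver",pid=1234,fd=7))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
LISTEN 0 128 0.0.0.0:1270 0.0.0.0:* users:(("omiserver",pid=1234,fd=8))'

# Print the installed omi package version on deb or rpm hosts; empty if absent.
installed_omi_version() {
  if command -v dpkg-query >/dev/null 2>&1; then
    dpkg-query -W -f='${Version}' omi 2>/dev/null || true
  elif command -v rpm >/dev/null 2>&1; then
    if rpm -q omi >/dev/null 2>&1; then
      rpm -q --qf '%{VERSION}-%{RELEASE}' omi 2>/dev/null || true
    fi
  fi
}

# Normalise "1.6.8-1" (rpm style) or "1.6.8.1" (deb style) to four numeric
# dot-separated components so the two packaging schemes compare equally.
normalize_version() {
  printf '%s' "$1" | tr '-' '.' | awk -F. '{ printf "%d.%d.%d.%d", $1, $2, $3, $4 }'
}

# version_lt A B: succeed (exit 0) when A sorts before B component by component.
version_lt() {
  awk -v a="$(normalize_version "$1")" -v b="$(normalize_version "$2")" 'BEGIN {
    n = split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= n; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# omi_is_vulnerable VERSION: succeed when VERSION predates the fixed release.
omi_is_vulnerable() { version_lt "$1" "$FIXED_OMI_VERSION"; }

# omi_listeners: read `ss -tlnp` lines on stdin, keep those where an omi
# process listens on one of the assumed OMI API ports. No output means the
# agent is reachable only through its local Unix socket.
omi_listeners() {
  grep -E ':(5985|5986|1270)[[:space:]]' | grep -i 'omi'
}

# Full triage against the live host (requires dpkg/rpm and ss to be present).
omi_triage() {
  v=$(installed_omi_version)
  if [ -z "$v" ]; then
    echo "omi package not installed"
    return 0
  fi
  if omi_is_vulnerable "$v"; then
    echo "omi $v is BEFORE the fixed release $FIXED_OMI_VERSION: upgrade via the Microsoft repo"
  else
    echo "omi $v is at or after the fixed release $FIXED_OMI_VERSION"
  fi
  echo "OMI network listeners (none means Unix-socket only):"
  ss -tlnp 2>/dev/null | omi_listeners || echo "  (none)"
}

# Usage: sh omi_check.sh --run   (live host)
#        sh omi_check.sh         (offline demo on the constructed sample)
if [ "${1:-}" = "--run" ]; then
  omi_triage
else
  printf '%s\n' "$SAMPLE_SS" | omi_listeners
fi
```

The version comparison deliberately tolerates both the rpm `1.6.8-1` and the deb `1.6.8.1` spellings, since an Azure fleet usually mixes both families; a naive string compare would report one of them as unpatched. A host with no network listener is still exposed to the local privilege escalation flaws, so the version check is the one that decides whether to upgrade.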
Asked for clarification regarding whether the vulnerabilities are completely fixed and whether customers need to take action, Microsoft declined to comment beyond linking to its security update guide. It also did not comment on whether the OMI agent is installed in customer environments without notification or consent.
Wiz head of research Shir Tamari told SearchSecurity that the OMI agent is silently deployed and has "virtually no documentation" in Azure, and that it does not produce extensive logs for monitoring, which makes threat activity harder to track. That said, he shared a screenshot from GreyNoise showing a Chinese IP address scanning for the OMIGOD vulnerabilities.
Wiz's post was critical of OMI's widespread use, given its small number of contributors.
"The ease of exploitation and the simplicity of the vulnerabilities makes us wonder if the OMI project is mature enough to be used so widely," Ohfeld said. "Yet this scenario is more common than you might think, and certainly not unique to Microsoft. One of the benefits of open source is that it's easy for developers to grab code from different projects and mix it with other open source and proprietary software. As a result, bad open source code can wind up in an enormous range of products and services -- inadvertently becoming a 'single point of failure.'"
At the end of his blog post, Ohfeld wrote that OMI is just one example of a "secret software agent" that is pre-installed in cloud environments and deployed without the customer's explicit knowledge. He said similar agents exist in AWS and GCP.
Alexander Culafi is a writer, journalist and podcaster based in Boston.