What Expert Says On The Latest OMI Vulnerability In Azure


It has been reported that the cloud security vendor Wiz, which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB managed database service, has found another hole in Azure. This vulnerability affects Linux virtual machines running the OMI service, which is installed as a byproduct of enabling any of several logging, reporting and/or management options in Azure’s UI.

Dr. George Papamargaritis, MSS Director
InfoSec Expert
September 15, 2021 12:51 pm

This is related to a typical input validation vulnerability, i.e. the system does not validate, or incorrectly validates, the input data so that it can be used safely by backend applications and workflows. This may occur due to weak architectural design or a failure of tests to reveal the issue at the implementation phase.

As a result, any exploitation may have consequences for the availability, confidentiality or integrity of the service. Nevertheless, the likelihood at this stage is low, considering that Azure’s on-by-default, outside-the-VM firewall will limit it to most customers’ internal networks only.

Potential mitigation actions:
- Enforce secure coding tactics in architecture design, especially for open source projects
- Stronger QA on implementation, especially if "open source" components are reused
- Frequent vulnerability assessments (web / database scanning, source code reviews)
- Application of detection methods

Last edited 1 year ago by Dr. George Papamargaritis
Trevor Morgan, Product Manager
InfoSec Expert
September 15, 2021 12:48 pm

The report that Wiz has discovered a vulnerability in Azure, which in the worst-case scenario has the potential to execute root-level code but is mostly mitigated by Azure’s on-by-default outside-the-VM firewall, should encourage every organization to confront a simple fact about cloud security: you need to go far beyond basic perimeter-based security when pushing workflows and, more importantly, sensitive data into your public cloud environments. Vulnerabilities are always hiding somewhere in the perimeters around cloud-based data, just waiting to be discovered and exploited, so your defensive posture should focus on protecting the data itself. Data-centric security such as tokenization and format-preserving encryption can replace sensitive data elements with benign representational tokens, so even if perimeter breaches or vulnerabilities lead to the wrong people getting their hands on your enterprise data in the cloud, sensitive information still remains fully protected and cannot be leveraged for financial gain by threat actors. Remember that the regulators won’t hold your cloud provider responsible in the instance that people’s sensitive data is exposed. They will be looking toward you and your organization to answer for it.

Last edited 1 year ago by Trevor Morgan