OMI vulnerabilities threaten Linux virtual machines on Azure


News has surfaced of a rather dangerous practice in Microsoft Azure: when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs the Open Management Infrastructure (OMI) agent on the machine, without the user knowing.

Although a stealth installation might sound terrible on its face, this one actually wouldn’t be so bad were it not for two issues: First, the agent has known vulnerabilities, and second, the agent has no automatic update mechanism in Azure. Until Microsoft solves this problem on its end, organizations using Linux virtual machines on Azure will need to take action.
