Security researchers at Wiz discover another major Azure vulnerability

1 month ago 15
Storm clouds person  been photoshopped to bring lightning down   connected  machine  components.

Enlarge / This isn't however the OMIGOD vulnerability works, of course—but lightning is overmuch much photogenic than maliciously crafted XML. (credit: Aurich Lawson | Getty Images)

Cloud information vendor Wiz—which precocious made quality by discovering a massive vulnerability successful Microsoft Azure's CosmosDB-managed database service—has recovered different spread successful Azure.

The caller vulnerability impacts Linux virtual machines connected Azure. They extremity up with a little-known work called OMI installed arsenic a byproduct of enabling immoderate of respective logging reporting and/or absorption options successful Azure's UI.

At its worst, the vulnerability successful OMI could beryllium leveraged into distant basal codification execution—although thankfully, Azure's on-by-default, outside-the-VM firewall volition bounds it to astir customers' interior networks only.

Read 26 remaining paragraphs | Comments

Read Entire Article