According to a recent Microsoft release, cybercriminals have been actively targeting significant Azure flaws. According to BleepingComputer, the first attacks were discovered last week by security researcher Germán Fernández and validated by cybersecurity providers GreyNoise and Bad Packets.
The Open Management Infrastructure (OMI) software agent, which is automatically deployed inside Linux Virtual Machines (VMs) when customers enable certain Azure services, was found to have four privilege escalation and remote code execution vulnerabilities.
However, instead of updating all vulnerable Azure services, Microsoft issued an advisory noting that while it will update six of them, the remaining seven must be updated by users individually.
Researchers at Wiz found the OMI (Open Management Infrastructure) flaws, and they believe that thousands of Azure customers with millions of endpoints are at risk. By deleting the authentication header from a single message, an attacker can gain root access to a remote machine. According to Wiz researcher Nir Ohfeld, exploiting one of the four vulnerabilities (identified as CVE-2021-38647) could lead to a successful attack on Microsoft Azure.
Despite patching the vulnerabilities, Microsoft has revealed that it is still in the process of rolling out the fix to its cloud customers for some of the affected services.