A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.
Background /What has happened?
Open Management Infrastructure (OMI) is an open source software agent which can be used to perform remote management of hosts if it is installed via HTTP/HTTPS.
OMI is deployed on certain Linux-based services within Microsoft Azure.
If a vulnerable OMI deployment exposes a HTTP/HTTPS port it is susceptible to this remote code execution vulnerability. Microsoft has identified that most Azure services which utilise OMI do not expose a HTTP or HTTPS port.
While this vulnerability may primarily affect Microsoft Azure customers, other organisations may have incorporated the use of OMI into their own infrastructure and may be vulnerable.
Mitigation / How do I stay secure?
A patch for OMI is available to mitigate this vulnerability.
All Australian customers who utilise Microsoft Azure should review Microsoft’s security advisory for information on how to determine possible vulnerability as well as how to apply the security update.
Organisations which have incorporated OMI into their own infrastructure should ensure they are utilising the latest version available from the OMI GitHub page.
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).