OODA Loop – Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

Researchers have found a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux to demonstrate hidden security threats. Researchers have dubbed the flaws OMIGOD. The Open Management Infrastructure (OMI) is software that many don’t realize is embedded in a host of services and represents a significant security blind spot. The flaws were named OMIGOD because of the software name and the reactions of researchers who discovered them as zero-day vulnerabilities. The flaws could potentially affect thousands of Azure customers and millions of endpoint, according to infrastructure security firm Wiz.

Microsoft patched the skew of bugs in this month’s Patch Tuesday, however, users need to implement the fixes to mitigate any further risks. OMI highlights risks facing the supply chain when companies unknowingly run open-source code on their systems that allow for exploitation, according to researchers. According to security professionals, over 65% of Azure customers are unknowingly at risk to the OMIGOD vulnerabilities.

Source link