OMIGOD Vulnerabilities

Last week researchers discovered a series of vulnerabilities within Open Management Infrastructure (OMI), a software agent used in many Azure services. It’s something that’s pre-installed on Azure Linux VM instances to enable remote management and configuration of systems (à la WinRM for Linux/Unix).

There were three privilege escalation vulnerabilities identified, and a fourth that allows for remote code execution via certain ports - specifically 5985, 5986, and 1270. With this, attackers can target hosts and gain root access, leading to things like exfiltration of sensitive data or execution of malicious code.

An OMS agent update has since been released to address these vulnerabilities, and we’ve got some more info here on how to detect and fix them. Still, this incident has highlighted what can happen with services like OMI that are silently installed and generally not well-known, leaving users unaware of their risk.
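A quick host-side exposure check, added here as an example (it is not part of the original post and not OMI's or Microsoft's code): it parses `ss -ltn` output and reports which of the three OMI ports named above are bound to a non-loopback address, i.e. reachable from the network rather than only locally. The `ss` sample is constructed; the port labels are assumptions based on the post.

```python
import subprocess
from typing import Dict, List, Tuple

# Ports named in the post as the ones OMI's remote management listens on.
# Labels are assumptions, not taken from the post.
OMI_PORTS = {5985: "WS-Man HTTP", 5986: "WS-Man HTTPS", 1270: "OMS agent"}

# Address prefixes that mean "local only"; ss prints IPv6 as [::1]:port.
LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """Return (address, port) for every LISTEN row in `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        cols = line.split()
        # Header row starts with "State"; data rows with "LISTEN".
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")  # "Local Address:Port"
        listeners.append((addr, int(port)))
    return listeners


def exposed_omi_ports(ss_output: str) -> Dict[int, str]:
    """OMI ports bound to a non-loopback address (0.0.0.0, *, [::], a NIC IP)."""
    exposed = {}
    for addr, port in parse_listeners(ss_output):
        if port in OMI_PORTS and not addr.startswith(LOOPBACK_PREFIXES):
            exposed[port] = f"{OMI_PORTS[port]} on {addr}"
    return exposed


# Constructed sample: 1270 is loopback-only, 5985/5986 listen on all interfaces.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:1270      0.0.0.0:*
LISTEN 0      128    *:5986              *:*
LISTEN 0      128    [::]:5985           [::]:*
"""

if __name__ == "__main__":
    # Live run on the current host; replace with SAMPLE_SS to try offline.
    live = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    for port, where in sorted(exposed_omi_ports(live).items()):
        print(f"OMI port {port} ({where}) is network-reachable; confirm the agent is patched")
```

A host with no rows reported is not necessarily safe (the local privilege escalation bugs do not need an open port), so pair this with the agent version check from the vendor guidance.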

It’s also reignited the debate around whether open source code (like OMI) is an inherent supply chain risk. I’d be interested in hearing other folks’ thoughts here - what do you think about open source vs. proprietary software (AKA stuff that’s licensed/copyrighted) when it comes to these kinds of risks? And what else should be done to mitigate it?