Anyone who uses Microsoft’s Azure cloud service to run Linux virtual machines should install important security patches quickly. Unknown attackers are currently exploiting several security holes to install cryptocurrency-mining malware on vulnerable servers. The extent of the attacks is currently not known.
Attackers secure exclusive access
By exploiting the four security holes dubbed OMIGOD (CVE-2021-38645 “high”, CVE-2021-38647 “critical”, CVE-2021-38648 “high”, CVE-2021-38649 “high”), attackers can execute malicious code with root rights by simply omitting the authentication header from a request. At the core of the vulnerabilities is the Open Management Infrastructure (OMI) service, which in many cases starts automatically and unnoticed by the user.
Several security researchers are now independently reporting attacks on vulnerable systems. Among others, the Mirai botnet is said to be responsible. If attacks are successful, crypto miners, for example, are said to end up on the systems. Cardo researchers say they have observed that attackers close ports after successful attacks so that other attackers are locked out.
Patching is not that easy
With a cloud service, you would assume that the provider takes care of closing the gaps. In this case, Microsoft only intends to fix six security problems automatically. Admins have to take action themselves for seven other vulnerabilities. Among other things, they have to find out whether the patched OMI version 1.6.8-1 is installed and whether their systems have already been compromised. In an article, Microsoft gives admins important security tips.
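One way to run the version check mentioned above, as an added example that is not from the original article or from Microsoft. It assumes the package is named `omi` and is managed by dpkg or rpm, and it treats `1.6.8-1` and `1.6.8.1` as the same version because packaging formats may write the build number with either separator.

```shell
#!/bin/sh
# Added example: compare the installed OMI package with the fixed version
# named in the article (1.6.8-1). Package name "omi" is an assumption.
FIXED="1.6.8-1"

# Map "1.6.8-1" and "1.6.8.1" to one dotted form so both compare equally.
normalize() { printf '%s\n' "$1" | sed 's/-/./g'; }

# Return 0 if version $1 is at or above $FIXED, 1 if it is older.
omi_is_patched() {
    have=$(normalize "$1")
    want=$(normalize "$FIXED")
    [ "$have" = "$want" ] && return 0
    # sort -V orders version strings; if the fixed version sorts first,
    # the installed one is newer.
    lowest=$(printf '%s\n%s\n' "$have" "$want" | sort -V | head -n 1)
    [ "$lowest" = "$want" ]
}

# Print the installed omi version; return 1 if the package is absent.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' omi 2>/dev/null) &&
            [ -n "$v" ] && { echo "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' omi 2>/dev/null) &&
            { echo "$v"; return 0; }
    fi
    return 1
}

# Report the state of this host. A current version says nothing about
# whether the host was compromised before the update.
check_omi() {
    if ! v=$(installed_omi_version); then
        echo "omi: not installed"
        return 0
    fi
    if omi_is_patched "$v"; then
        echo "omi $v: at or above $FIXED"
    else
        echo "omi $v: below $FIXED, update and check the host for compromise"
    fi
}

check_omi
```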