Quote:Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure (OMI) — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said.
Collectively dubbed “OMIGOD” because of the name and the reaction of the researchers who discovered them, the flaws — which were zero-day when found — affect thousands of Azure customers and millions of endpoints, according to a blog post published this week by cloud infrastructure security firm Wiz.
Though Microsoft patched them this week in its monthly Patch Tuesday raft of updates, their presence in OMI highlights the risk for the supply chain when companies unknowingly run code — particularly open-source code — on their systems that allows for exploitation, researchers said.
Indeed, recent high-profile supply-chain attacks such as SolarWinds and Kaseya demonstrate how much damage can be done when undetected flaws in third-party software that organizations use in larger systems are exploited.
“One of the biggest challenges in preventing them is that our digital supply chain is not transparent,” senior security researcher Nir Ohfeld wrote in the Wiz post. “If you don’t know what’s hidden in the services and products you use every day, how can you manage the risk?
Indeed, the OMIGOD vulnerabilities discovered by Ohfeld and his colleagues present a security danger to potentially millions of unsuspecting customers of cloud computing services, he said.
Read more: Azure Zero-Day Bugs Show Lurking Supply-Chain Risk | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
