A Mirai botnet is abusing recently disclosed vulnerabilities in Open Management Infrastructure (OMI), an open-source Web-Based Enterprise Management (WBEM) implementation. The exploited vulnerabilities, collectively called OMIGOD, were disclosed recently by Microsoft.
What has happened?
According to researchers, Mirai operators had already started exploiting systems exposed to the OMIGOD vulnerability within days of its disclosure. The flaws were discovered by Wiz, which named them OMIGOD.
The flaw, tracked as CVE-2021-38647, exists in OMI, which is used in multiple Azure services and VM management extensions.
Additionally, customers with OMI listening on ports 1270, 5985, and 5986 are advised to limit network access to those ports as soon as possible to stay protected from CVE-2021-38647.
The tech giant has released a patched OMI version (1.6.8-1) addressing the flaws. It has also published steps for customers to update OMI manually.
The recently discovered flaws are already being exploited in the wild, so users should update their software as soon as possible. Moreover, Microsoft has no auto-update mechanism to fix the exposed agents on all Azure Linux machines. Therefore, customers have to update manually to protect their endpoints from OMIGOD exploits.
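As an added example (not from the article or from Microsoft's guidance), the script below checks the two points above on a Linux host: whether the installed OMI package is at or above the patched 1.6.8-1 release, and whether any of the ports named in the advisory (1270, 5985, 5986) are listening. It assumes the package is named `omi` in dpkg or rpm and that iproute2 `ss` is available for the port check.

```shell
#!/bin/sh
# Added example (not from the article): reports whether the installed OMI
# package is at or above the patched release 1.6.8-1 for CVE-2021-38647 and
# whether any of the advisory's OMI ports (1270, 5985, 5986) are listening.
PATCHED_OMI_VERSION="1.6.8-1"
OMI_PORTS="1270 5985 5986"
# Returns 0 when version $1 is at least version $2. Fields are compared as
# integers after splitting on '.' and '-', so 1.6.8-1 and 1.6.8.1 compare equal.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}
# Prints "patched" or "vulnerable" for a given OMI version string.
omi_status() {
    if version_ge "$1" "$PATCHED_OMI_VERSION"; then echo patched; else echo vulnerable; fi
}
# Prints the installed OMI package version (dpkg or rpm), or nothing if absent.
# Assumes the package name "omi", as used by Microsoft's Linux packages.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' omi 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1 && rpm -q omi >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' omi
    fi
}
# Prints each advisory port currently in LISTEN state (needs iproute2 ss).
listening_omi_ports() {
    command -v ss >/dev/null 2>&1 || return 0
    ss -ltn 2>/dev/null | awk 'NR > 1 { sub(/.*:/, "", $4); print $4 }' |
        while read -r port; do
            case " $OMI_PORTS " in *" $port "*) echo "$port" ;; esac
        done
}
# Combined report, meant to be run directly on a host carrying the OMI agent.
report() {
    v=$(installed_omi_version)
    [ -n "$v" ] && echo "OMI $v is $(omi_status "$v") (patched: $PATCHED_OMI_VERSION)"
    for p in $(listening_omi_ports); do
        echo "port $p is listening; restrict network access to it per the advisory"
    done
}
report
```

A host that prints "vulnerable" or any listening advisory port still needs the manual update and the network restriction described above.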