If your Linux machine in Azure has port 5986, 5985, or 1270 externally exposed, you need to update it as soon as possible.
Users of Azure who are running Linux virtual machines may not be aware they are have a severely vulnerable piece of management software installed on their machine by Microsoft, that can be remotely exploited in an incredibly surprising and equally stupid way. As detailed by Wiz.io, which found four vulnerabilities in Microsoft’s Open Management Infrastructure project, an attacker would be able to gain root access on a remote machine if they sent a single packet with the authentication header removed. « This is a textbook RCE vulnerability that you would expect to see in the 90’s — it’s highly unusual to have one crop up in 2021 that can expose millions of endpoints, » Wiz security researcher Nir Ohfeld wrote.
