Background /What has happened?
Open Management Infrastructure (OMI) is an open source software agent which can be used to perform remote management of hosts if it is installed via HTTP/HTTPS.
OMI is deployed on certain Linux-based services within Microsoft Azure.
If a vulnerable OMI deployment exposes a HTTP/HTTPS port it is susceptible to this remote code execution vulnerability. Microsoft has identified that most Azure services which utilise OMI do not expose a HTTP or HTTPS port.
While this vulnerability may primarily affect Microsoft Azure customers, other organisations may have incorporated the use of OMI into their own infrastructure and may be vulnerable.
Mitigation / How do I stay secure?
A patch for OMI is available to mitigate this vulnerability.
All Australian customers who utilise Microsoft Azure should review Microsoft’s security advisory for information on how to determine possible vulnerability as well as how to apply the security update.
Organisations which have incorporated OMI into their own infrastructure should ensure they are utilising the latest version available from the OMI GitHub page.
Assistance / Where can I go for help?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1 (1300 292 371).