#Microsoft #Azure silently install management agents on #Linux VMs, which now have RCE & LPE vulnerabilities ! « OMI is just one example of a secret #software agent that's pre-installed and silently deployed in cloud environments » ; « Thanks to the combination of a simple conditional statement coding mistake and an uninitialized auth struct, any request without an Authorization header has its privileges default to uid=0, gid=0, which is root » #vuln #wormable #botnets #threats #informatique #cloud

https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution