Attacks Targeting OMIGOD Vulnerability Ramping Up

Microsoft released patches for a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework this month, and attackers are increasingly exploiting it.

This critical vulnerability, dubbed OMIGOD and tracked as CVE-2021-38647, was discovered to affect Linux virtual machines deployed on Azure. In addition to the fixes included in the September 2021 Patch Tuesday updates, Microsoft released additional mitigations for this bug and three elevations of privilege vulnerabilities affecting OMI last week.

Microsoft asserts that Azure customers with automatic updates enabled will receive the required fixes within days, whereas those without automatic updates enabled will need to manually update their installations. Other Linux distributions with installed Azure/SCOM/OMS agents are also vulnerable, according to Pwndefend.

However, security researcher Kevin Beaumont warns that Microsoft failed to apply patches to new deployments and that the tech giant’s approach to patch delivery was not as straightforward as anticipated.

Unsurprisingly, less than a week after the vulnerability was made public (Microsoft pushed fixes to the OMI source code on August 12), attacks against CVE-2021-38647 are intensifying.

This is what typically occurs when critical, highly impactful security flaws are made public, but the situation appears particularly dire in this case because exploitation is relatively simple.

Sophos explains, “Rather than guessing a valid authentication token to include in a fraudulent OMI web request, you simply omit any mention of the authentication token and you’re in.”

The good news is that there are fewer Internet-facing deployments with similar vulnerabilities than in recent years. According to Censys, there are a total of 101 potentially vulnerable exposed services in the world, including a major health entity and two major entertainment organizations.

Censys notes that the small footprint can be attributed to nuances in how the OMI service responds and that exposing OMI to the Internet is likely to require deliberate effort.

Researchers monitoring the activity surrounding OMIGOD have detected an increase in the number of exploit attempts targeting the vulnerability.

Microsoft has also observed this behavior, which it describes as ranging from host enumeration to attacks designed to install cryptocurrency miners or other forms of malware. According to reports, cybercriminals have exploited the vulnerability to install a Mirai variant.

While the majority of attackers are targeting port 5986, port 1270 is also under attack. Due to the availability of easily adaptable proof-of-concept exploits and the volume of reconnaissance-type attacks, we anticipate an increase in effects-type attacks,” the company says.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
Many Businesses Have Not Yet Patched The Citrix Flaw

February 8, 2020

One in five businesses has not yet patched this critical vulnerability. Even though Positive Technologies disclosed a critical vulnerability in Citrix software that put 80,000 businesses in 158 countries at risk, one in five businesses have yet to patch the…

WordPress Vulnerabilities Up 30 Percent in 2018

January 9, 2019

Despite fewer plugins being added to WordPress in 2017, the CMS platform experienced an increase in vulnerabilities in 2018. UPDATE In 2018, vulnerabilities in the popular content management system (CMS) WordPress increased by 30 percent, according to new research on…

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of