“Secret” Agent Exposes Azure Customers To RCE

This week, again Azure makes the news with cloud security issues. Following the linked article, Microsoft secretly installed a “management agent” on customer VMs. As if the act itself was not severe enough, the agent is reachable from the network.

Source: “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog

And, if this does not seem bad enough, the said agent will an attacker root access when the authentication header is missing:

When working with the cloud, do your threat modelling before choosing a vendor.

For the VMware users here.

VMWare’s vCenter Server is vulnerable to a remote code execution (RCE) vulnerability. That means, an attacker would be able to execute code on any machine with that software reachable from the internet. Executing arbitrary code would also allow malware to replicate, AKA worm. The vulnerability is tracked as CVE-2021-21985.

Code execution flaw in vCenter is exploited to install web shell on unpatched machines.

From the article

Source: This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica