Skip to main content


[bookmark=https://twitter.com/GossiTheDog/status/1437896101756030982]Microsoft Azure silently install management agents on your Linux VMs, which now have RCE and LPE vulns.

Microsoft don’t have an auto update mechanism, so now you need to manually upgrade the agents you didn’t know existed as you didn’t install them.

“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog

“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog
www.wiz.io
[/bookmark]

hackbyte reshared this.