No sooner had the Open Management Infrastructure (OMI) software agent, silently installed by Microsoft on more than half of all Azure instances, been revealed than threat actors were already on the case, exploiting the flaws.
“Mirai botnet is exploiting #OMIGOD—they drop a version of Mirai DDoS botnet and then close 5896 (OMI SSL port) from the internet to stop other people exploiting the same box,” Kevin Beaumont, aka GossiTheDog, tweeted.
Microsoft disclosed the four vulnerabilities during this September’s Patch Tuesday earlier this week.