OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers

Oct 28, 2021


According to new research, Microsoft Azure was cited as the most trusted public cloud among Google Cloud, IBM, AWS, and Azure. The same research notes that the Covid-19 pandemic has accelerated the adoption of cloud computing, with many companies migrating to cloud providers, especially Microsoft's Azure.

OMI does not ship with the VM itself; it is installed on top of the virtual machine, and most users run it for convenience. Recently, Azure has been affected by four critical vulnerabilities in OMI, which is one of Azure's most widespread yet least known software agents and is deployed on a vast portion of Linux VMs in Azure.

These critical OMI vulnerabilities are very easy to exploit: an attacker within the network can remotely execute arbitrary code with a single request and gain root privileges.

What is OMI?

Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. Several Azure Virtual Machine (VM) management extensions use this framework to orchestrate configuration management and log collection on Linux VMs.

The remote code execution vulnerability only impacts customers using a Linux management solution (on-premises System Center Operations Manager (SCOM), Azure Automation State Configuration, or the Azure Desired State Configuration extension) that enables remote OMI management.

OMI is an agent that is automatically deployed on Azure VMs as part of the onboarding process. It allows users to manage configurations across remote and local environments and to collect statistics.

OMI is the UNIX/Linux counterpart of Windows WMI. OMI agents are normally used on-premises to manage Linux machines. OMI is built into Microsoft System Center for Linux, Microsoft's server management solution.

Who is Vulnerable

Most large organizations using Azure are affected. First and foremost, any customer using one or more of the following services:

  • Azure Automation
  • Azure Automatic Update
  • Azure Operations Management Suite
  • Azure Log Analytics
  • Azure Configuration Management
  • Azure Diagnostics

Note: this is a partial list.

What versions of OMI are vulnerable?

All OMI versions below v1.6.8-1 are vulnerable.

How to identify your virtual machines with Open Management Infrastructure (OMI)

Identify your VMs with OMI agents

The first step is to gather a list of all of your Azure VMs that have the OMI agent installed on them.

1. Connect to your Azure VMs and run in the terminal:

a. For Debian systems (e.g., Ubuntu): dpkg -l omi

b. For Red Hat-based systems (e.g., Fedora, CentOS, RHEL): rpm -qa omi

If OMI isn’t installed, no results will return, and your machine isn’t vulnerable to OMIGOD.

2. If results return, you'll be able to see which OMI version is installed on your machines. Version is the patched version.
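The check above, extended to compare the installed version against the v1.6.8-1 threshold stated earlier. This is an added example, not part of the original post or of Microsoft's tool; the function names are made up for illustration, and it assumes the package version is reported as 1.6.8-1 or 1.6.8.1.

```shell
#!/bin/sh
# Added example: classify the local OMI package against the fixed version.
PATCHED="1.6.8-1"   # first non-vulnerable version, per the article

# Assumption: versions look like "1.6.8-1" (rpm) or "1.6.8.1" (dpkg);
# map both to dotted form so they compare the same way.
normalise() { printf '%s' "$1" | tr '-' '.'; }

# Return 0 (true) when version $1 sorts strictly below the patched version.
# sort -V compares numerically, so 1.6.10 is correctly newer than 1.6.8.
omi_is_vulnerable() {
    have=$(normalise "$1"); want=$(normalise "$PATCHED")
    [ "$have" = "$want" ] && return 1
    lowest=$(printf '%s\n%s\n' "$have" "$want" | sort -V | head -n 1)
    [ "$lowest" = "$have" ]
}

# Print the installed OMI version, or nothing when OMI is not installed.
omi_installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Status} ${Version}\n' omi 2>/dev/null |
            sed -n 's/^install ok installed //p'
    elif command -v rpm >/dev/null 2>&1 && rpm -q omi >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' omi
    fi
}

# Map a version string (possibly empty) to a one-word verdict.
omi_status() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif omi_is_vulnerable "$1"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Verdict for the machine this script runs on.
omi_status "$(omi_installed_version)"
```

Run it on each VM over SSH and collect the one-word verdicts to build the inventory of machines that still need the update.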

How can we mitigate an OMI attack?

To mitigate this vulnerability, Microsoft provides a tool that checks whether your VMs are vulnerable to this attack. To use it, download the following GitHub URL in Cloud Shell. (This tool detects vulnerable OMI installations (< in your subscriptions). SSH into the VMs from Cloud Shell.

Solutions for Cloud

Automatic: On September 17, 2021, Microsoft announced an auto-update feature for OMI agents installed as part of Azure cloud services. According to the announcement, the auto-update process should be completed by September 22, 2021.

Manual Update

Change the directory
cd OMS-Agent-for-Linux/tools/OMIcheck/

To check for Vulnerability


If you don't get any output, it means you don't have OMI installed in your VMs. If it is installed, the version number of OMI will be shown. The patched version of OMI is
If OMI is not installed in your VM, it will be installed automatically; if you are running a vulnerable version, it will be upgraded automatically to the latest stable version.


On-premise Solutions:

Microsoft provides on-premises installations, along with specific additional products, that still require manual updating of the OMI package.

For more information on how to protect against OMIGOD vulnerability, do refer to this blog:

Thank You!

