{"id":42839,"date":"2021-09-14T15:28:56","date_gmt":"2021-09-14T15:28:56","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32633\/Wiz-Discovers-Another-Major-Azure-Vulnerability.html"},"modified":"2021-09-14T15:28:56","modified_gmt":"2021-09-14T15:28:56","slug":"wiz-discovers-another-major-azure-vulnerability","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/wiz-discovers-another-major-azure-vulnerability\/","title":{"rendered":"Wiz Discovers Another Major Azure Vulnerability"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/data-center-cloud-lightning-ohmigod-800x450.jpg\" alt=\"Storm clouds have been photoshopped to bring lightning down on computer components.\"><figcaption class=\"caption\">\n<div class=\"caption-text\">This isn&#8217;t how the OMIGOD vulnerability works, of course\u2014but lightning is much more photogenic than maliciously crafted XML.<\/div>\n<\/figcaption><\/figure>\n<p><!-- cache miss 
495:single\/related:e7fe5cec9c935e2889a87fac06c899f0 --><!-- empty -->Cloud security vendor Wiz\u2014which recently made news by discovering a massive&nbsp;<a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/08\/worst-cloud-vulnerability-you-can-imagine-discovered-in-microsoft-azure\/\">vulnerability<\/a> in Microsoft Azure&#8217;s CosmosDB-managed database service\u2014has found another hole in Azure.<\/p>\n<p>The new vulnerability impacts Linux virtual machines on Azure. They end up with a little-known service called OMI installed as a byproduct of enabling any of several logging, reporting, and\/or management options in Azure&#8217;s UI.<\/p>\n<p>At its worst, the vulnerability in OMI could be leveraged into remote root code execution\u2014although thankfully, Azure&#8217;s on-by-default, outside-the-VM firewall will limit it to most customers&#8217; internal networks only.<\/p>\n<h2>OMIGOD<\/h2>\n<div class=\"gallery shortcode-gallery gallery-wide\">\n<ul>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-enable-logging-150x150.png\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-enable-logging.png\" data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-enable-logging-980x519.png 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-enable-logging-1440x762.png 2560\" data-sub-html=\"#caption-1794374\">\n<figure><figcaption id=\"caption-1794374\"><span class=\"icon caption-arrow icon-drop-indicator\"><\/span> <\/p>\n<div class=\"caption\"> Enabling logging on an Azure VM is one of several paths to getting OMI automatically deployed inside the VM itself. 
<\/div>\n<div class=\"credit\"> <span class=\"icon icon-camera\"><\/span> Jim Salter <\/div>\n<\/figcaption><\/figure>\n<\/li>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-watching-omi-install-150x150.png\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-watching-omi-install.png\" data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-watching-omi-install-980x449.png 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-watching-omi-install.png 2560\" data-sub-html=\"#caption-1794375\">\n<figure><figcaption id=\"caption-1794375\"><span class=\"icon caption-arrow icon-drop-indicator\"><\/span> <\/p>\n<div class=\"caption\"> Although Azure&#8217;s UI doesn&#8217;t make it clear what&#8217;s happening, we can see OMI silently installing itself inside the running VM after logging is enabled. <\/div>\n<div class=\"credit\"> <span class=\"icon icon-camera\"><\/span> Jim Salter <\/div>\n<\/figcaption><\/figure>\n<\/li>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-enabling-inbound-traffic-in-azure-firewall-not-on-by-default-150x150.png\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-enabling-inbound-traffic-in-azure-firewall-not-on-by-default.png\" data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-enabling-inbound-traffic-in-azure-firewall-not-on-by-default-980x350.png 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-enabling-inbound-traffic-in-azure-firewall-not-on-by-default-1440x515.png 2560\" data-sub-html=\"#caption-1794373\">\n<figure><figcaption id=\"caption-1794373\"><span class=\"icon caption-arrow icon-drop-indicator\"><\/span> <\/p>\n<div class=\"caption\"> By default, OMI isn&#8217;t exposed to the Internet thanks to Azure&#8217;s default firewall. 
We punched a hole in the Azure firewall in order to access OMI remotely; it was already exposed to other VMs on our Azure private network. <\/div>\n<div class=\"credit\"> <span class=\"icon icon-camera\"><\/span> Jim Salter <\/div>\n<\/figcaption><\/figure>\n<\/li>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-exploit-150x150.png\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-exploit.png\" data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-exploit.png 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/omigod-exploit.png 2560\" data-sub-html=\"#caption-1794366\">\n<figure><figcaption id=\"caption-1794366\"><span class=\"icon caption-arrow icon-drop-indicator\"><\/span> <\/p>\n<div class=\"caption\"> In this screenshot, I remotely leverage the OMIGOD vulnerability to drop a file\u2014owned by root\u2014in an affected Azure VM, with no authentication necessary. <\/div>\n<div class=\"credit\"> <span class=\"icon icon-camera\"><\/span> Jim Salter <\/div>\n<\/figcaption><\/figure>\n<\/li>\n<\/ul>\n<\/div>\n<p>Opting in to any of several attractive Azure infrastructure services (such as distributed logging) automatically installs a little-known service <em>inside<\/em>&nbsp;the Azure virtual machine in question. 
That service, OMI\u2014short for Open Management Interface\u2014is intended to function much like Microsoft Windows&#8217; WMI service, enabling collection of logs and metrics as well as some remote management.<\/p>\n<p>Part of the OMI specification requires authentication in order to bind commands and requests to a specific user ID (UID)\u2014but unfortunately, a bug caused malformed requests that omit the authentication stanza entirely to be accepted as though given by the <code>root<\/code>&nbsp;user itself.<\/p>\n<p>When configured for remote management, OMI runs an HTTPS server on port 5986, which can be connected to with a standard HTTPS client like <code>curl<\/code> and given reasonably human-readable commands in the XML-derived&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/SOAP\">SOAP&nbsp;<\/a>protocol. In other configurations, OMI only runs on a local Unix socket at <code>\/var\/opt\/omi\/run\/omiserver.sock<\/code>, which limits its exploitation to local users only.<\/p>\n<p>As Wiz senior security researcher <a href=\"https:\/\/twitter.com\/nirohfeld\">Nir Ohfeld<\/a>&nbsp;walked me through a demonstration of the vulnerability, he described it mostly in terms of privilege escalation\u2014an attacker who gets any toehold on an affected virtual machine can issue any arbitrary command as root using OMI syntax.<\/p>\n<p>In larger environments where OMI listens on a network port, not just a local Unix socket, it&#8217;s also a great way to laterally pivot\u2014an attacker who gets a shell on one VM in a customer&#8217;s Azure local network can typically use the buggy OMI to get control of any other virtual machine on the same network segment.<\/p>\n<p>As it turns out, Azure isn&#8217;t the only place you&#8217;ll find OMI. 
Organizations that adopt&nbsp;<a href=\"https:\/\/partner.microsoft.com\/en-us\/solutions\/microsoft-system-center\">Microsoft System Center<\/a> (which gets advertised on every new install of Windows Server 2019 and up) and manage on- or off-premise Linux hosts with it also end up with the buggy version of OMI deployed on those managed hosts.<\/p>\n<p>As Nir and I talked through the vulnerability&#8217;s scope, I pointed out the likelihood of some Azure customers both enabling logging in the UI and adding a &#8220;default allow&#8221; rule to a Linux VM&#8217;s Azure firewall\u2014sure, it&#8217;s incorrect practice, but it&nbsp;<em>happens<\/em>. &#8220;Oh my god,&#8221; I exclaimed\u2014and the Wiz team burst out laughing. As it turns out, that&#8217;s exactly what they&#8217;d named the vulnerability\u2014OMIGOD.<\/p>\n<h2>A difficult bounty to collect<\/h2>\n<p>Despite the obvious severity of OMIGOD\u2014which includes four separate but related bugs Wiz discovered\u2014the company had difficulty getting Microsoft to pay it a bounty for its discovery and responsible disclosure. In a series of emails Ars reviewed, Microsoft representatives initially dismissed the vulnerabilities as &#8220;out of scope&#8221; for Azure. According to Wiz, Microsoft representatives in a phone call further characterized bugs in OMI as an &#8220;open source&#8221; problem.<\/p>\n<p>This claim is complicated by the fact that Microsoft authored OMI in the first place, which it <a href=\"https:\/\/cloudblogs.microsoft.com\/windowsserver\/2012\/06\/28\/open-management-infrastructure\/\">donated<\/a> to The Open Group in 2012. 
Since then, the vast majority of commits to OMI have continued to come from Redmond-based, Microsoft-employed <a href=\"https:\/\/github.com\/microsoft\/omi\/graphs\/contributors\">contributors<\/a>\u2014open source or not, this is clearly a Microsoft project.<\/p>\n<p>In addition to Microsoft&#8217;s&nbsp;<em>de facto<\/em> ownership of the project, Azure&#8217;s own management system automatically deploys OMI\u2014admins are not asked to hit the command line and install the package for themselves. Instead, it&#8217;s deployed automatically inside the virtual machine whenever an OMI-dependent option is clicked in the Azure GUI.<\/p>\n<p>Even when Azure management deploys OMI, there&#8217;s little obvious notice to the administrator who enabled it. We found that most Azure admins seem only to <a href=\"https:\/\/www.google.com\/search?q=omi+core+dumps+azure\">discover<\/a> that OMI exists if their \/var partition fills with its core dumps.<\/p>\n<p>Eventually, Microsoft relented on its refusal to pay an Azure Management bug bounty for OMIGOD and awarded Wiz with a total of $70,000 for the four bugs comprising it.<\/p>\n<h2>A dusty corner of the supply chain<\/h2>\n<p>&#8220;OMI is like a Linux implementation of Windows&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/wmisdk\/wmi-start-page\">Management Infrastructure<\/a>,&#8221; Ohfeld told Ars. &#8220;Our assumption is when they moved to the cloud and had to support Linux machines, they wanted to bridge the gap, to have the same interface available for both Windows and Linux machines.&#8221;<\/p>\n<p>OMI&#8217;s inclusion in Azure Management\u2014and in Microsoft System Center, advertised directly on every new Windows Server installation\u2014means it gets installed as a low-level component on a staggering number of critically important Linux machines, virtual and otherwise. 
The fact that it listens for commands on an open network port in some configurations, using extremely well-known protocols (SOAP over HTTPS), makes it a very attractive target for attackers.<\/p>\n<p>With the scope of both deployment and potential vulnerability, one might reasonably expect a lot of eyeballs would be on OMI\u2014enough that a vulnerability summed up as &#8220;you forgot to make sure the user authenticated&#8221; would be rapidly discovered. Unfortunately, this is not the case\u2014OMI has a disturbingly low total of 24 contributors, 90 forks, and 225 &#8220;stars&#8221; (a measurement of relatively casual developer interest) over the nine years it&#8217;s had a&nbsp;<a href=\"https:\/\/github.com\/microsoft\/omi\">home<\/a> on GitHub.<\/p>\n<p>By contrast, my own ZFS management project Sanoid\u2014which listens on no ports and has been accurately if uncharitably described as &#8220;a couple thousand lines of Perl script&#8221;\u2014has more than twice the contributors and forks and nearly 10 times the stars.<\/p>\n<p>By any reasonable standard, an infrastructure component as critically important as OMI should be receiving far more attention\u2014which raises questions about how many&nbsp;<em>other<\/em> dusty corners of the software supply chain are being equally under-inspected and under-maintained.<\/p>\n<h2>An unclear upgrade path<\/h2>\n<p>Microsoft employee Deepak Jain <a href=\"https:\/\/github.com\/microsoft\/omi\/commit\/4ce2cf1cb0aa656b8eb934c5acc3f4d6a6796bfa\">committed<\/a>&nbsp;the necessary fixes to OMI&#8217;s GitHub repository on August 11\u2014but as Ars confirmed directly, those fixes had still not been deployed to Azure as of September 13. 
Microsoft told Wiz that it would announce a CVE on Patch Tuesday, but Wiz researchers expressed uncertainty as to how or when those fixes could be universally deployed.<\/p>\n<p>&#8220;Microsoft has not shared their mitigation plan with us,&#8221; Wiz CTO Ami Luttwak told Ars, &#8220;but based on our own customer telemetry, this could be a tricky one to patch properly. OMI is embedded across multiple Azure services and each may require a different upgrade path.&#8221;<\/p>\n<p>For arbitrary Linux systems remotely managed from Microsoft System Center, the upgrade path might be even more convoluted\u2014because the Linux agents for System Center have been <a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/configmgr\/core\/plan-design\/changes\/deprecated\/removed-and-deprecated-client\">deprecated<\/a>. Customers still using System Center with OMI-enabled Linux may need to manually update the OMI agent.<\/p>\n<h2>Mitigation for affected users<\/h2>\n<p>If you&#8217;re a Linux system administrator worried that you might be running OMI, you can detect it easily by looking for listening ports on TCP 5985 and 5986 (TCP 1270, for OMI agents deployed by Microsoft System Center rather than Azure) or a Unix socket located beneath <code>\/var\/opt\/omi<\/code>.<\/p>\n<p>If you have the Unix socket but not the ports, you&#8217;re still vulnerable until Microsoft deploys a patch\u2014but the scope is limited to local privilege escalation only.<\/p>\n<p>In the cases where OMI listens on TCP ports, it binds to all interfaces, including public ones. We strongly recommend limiting access to these ports via Linux firewall, whether your OMI instance is repaired or not.<\/p>\n<p>In particular, security-conscious administrators should be carefully limiting access to this and any other network services to only those network segments that actually&nbsp;<em>need<\/em> access. 
Machines running Microsoft System Center obviously need access to OMI on client systems, as does Azure&#8217;s own infrastructure\u2014but the clients themselves don&#8217;t need OMI access from one to another.<\/p>\n<p>The best practice for reduction of network attack surface\u2014with this and any other potentially vulnerable service\u2014is a global firewall <code>deny<\/code>&nbsp;rule, with specific <code>allow<\/code>&nbsp;rules in place only for machines that&nbsp;<em>need<\/em> to access a given service.<\/p>\n<p>Where that&#8217;s not practical\u2014for example, in an Azure environment where the administrator isn&#8217;t certain what Microsoft network segments need to access OMI in order for Azure Management to work properly\u2014simply denying access from other VMs on the same network segment will at least prevent lateral movement of attackers from one machine to another.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42840,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[145],"class_list":["post-42839","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackerdata-lossflaw"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42839"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42839\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42840"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}