OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month’s Patch Tuesday.

The four security flaws were found in the Open Management Infrastructure software agent silently installed by Microsoft on more than half of all Azure instances.

According to GreyNoise’s current stats, attackers are scanning the Internet for exposed Azure Linux VMs vulnerable to CVE-2021-38647 exploits from over 110 servers.

A Mirai botnet is behind some of these exploitation attempts targeting Azure Linux OMI endpoints vulnerable to CVE-2021-38647 RCE exploits, as first spotted by Fernández on Thursday evening.

How to secure your Azure VM. While Microsoft has released patched a patched OMI software agent version more than a week ago, the company is still in the process of rolling out security updates to cloud customers who have automatic updates enabled in their VMs. According to additional guidance Redmond released today, “Customers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available” per a predefined schedule shared by the Microsoft Security Response Center team.

“While updates are being rolled out using safe deployment practices, customers can protect against the RCE vulnerability by ensuring VMs are deployed within a Network Security Group or behind a perimeter firewall and restrict access to Linux systems that expose the OMI ports,” Microsoft added.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

A Vumetric expert will contact you to learn more about your cybersecurity needs and goals.

The project's scope will be defined (Target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is sent to you.

This field is for validation purposes and should be left unchanged.


Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)

This site is registered on as a development site. Switch to a production site key to remove this banner.