32.Lock Code Circular

Azure users running Linux VMs may not be aware they have a severely vulnerable piece of management software installed on their machine by Microsoft, which can be remotely exploited in an incredibly surprising and equally stupid way. "This is a textbook RCE vulnerability that you would expect to see in the 90's -- it's highly unusual to have one crop up in 2021 that can expose millions of endpoints," Wiz security researcher Nir Ohfeld wrote.

As detailed by Wiz.io, which found four vulnerabilities in Microsoft's Open Management Infrastructure project, an attacker would be able to gain root access on a remote machine if they sent a single packet with the authentication header removed.