CVE-2022-29149: 
Open Management Infrastructure (OMI) vulnerability analysis and mitigation

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability (CVE-2022-29149) was disclosed in June 2022 as part of Microsoft's Patch Tuesday. The vulnerability affects Azure's OMI software, which is typically installed on Linux VMs without explicit customer notification. This vulnerability received a CVSS score of 7.8, which is the highest possible score for local privilege escalation vulnerabilities (Wiz Blog).

The vulnerability stems from a flaw in the secretString mechanism, which was previously used to verify critical internal communications between OMI components. The secretString is generated using a predictable random number generator seeded with the system time when the OMI process launches. This predictability allows attackers to recover the secretString and forge messages as though they were coming from the high-privileged OMI process, ultimately leading to privilege escalation (Wiz Blog).

The vulnerability affects all versions of OMI earlier than 1.6.9-1 and impacts multiple Azure services including System Center Operations Manager, Azure Automation, Azure Operations Management Suite, Azure Log Analytics, Azure Diagnostics, Azure HDInsight, Azure Container Monitoring solution, Azure Security Center, and Azure Sentinel. When exploited, it allows attackers to elevate their privileges to root level access on affected systems (Wiz Blog).

Microsoft has onboarded OMS, LAD, and DSC to the Automatic Extension Upgrade feature to address this vulnerability. Organizations are strongly recommended to enable automatic updates for these agents. For systems without auto-updates, manual patching is required through the package manager. The patched version is 1.6.9-1. Additionally, Microsoft recommends migrating to Azure Monitoring Agent, which does not rely on OMI (Wiz Blog, Microsoft Answer).