Microsoft Security Response Center

*Update 9/16/2021: Where can I find more information about how to know if I'm protected and what steps can be taken to be protected?* Please see Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions for more information. *What is OMI?* Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance. Refer this link for more details : GitHub - microsoft/omi: Open Management In...

*Update 9/16/2021: Where can I find more information about how to know if I'm protected and what steps can be taken to be protected?* Please see Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions for more information. *What is OMI?* Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance. Refer this link for more details : GitHub - microsoft/omi: Open Management In...

*Update 9/16/2021: Where can I find more information about how to know if I'm protected and what steps can be taken to be protected?* Please see Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions for more information. *What is OMI?* Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance. Refer this link for more details : GitHub - microsoft/omi: Open Management In...

*Update 9/16/2021: Where can I find more information about how to know if I'm protected and what steps can be taken to be protected?* Please see Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions for more information. *What is OMI?* Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance. Refer this link for more details : GitHub - microsoft/omi: Open Management In...

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

*What security feature is bypassed with this vulnerability?* A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.

*What security feature is bypassed with this vulnerability?* A successful attacker could bypass the Windows Key Storage Provider which issues key certificates for trust in attestation scenarios.