Microsoft to Azure Linux users: Patch this problem yourself
Microsoft can't help you if you don't help yourself.
What you need to know
- Recently exposed Azure Linux vulnerabilities leave users vulnerable to having their Azure environments infiltrated by attackers.
- These bugs, dubbed OMIGOD (a reference to the Open Management Infrastructure software agent), are found in OMI, which is installed on Virtual Machines (VMs) when a number of popular Azure services are enabled.
- While Microsoft has released a patched version of OMI, the responsibility of installing said update falls on the user.
Azure Linux administrators, it's time to get patching. In response to the recent OMIGOD vulnerabilities, Microsoft has released an updated version of OMI, but you'll need to upgrade on your own (via BleepingComputer). Here's the full scoop.
OMIGOD vulnerabilities are named after OMI, an acronym that stands for the Open Management Infrastructure software agent. The OMIGOD vulnerabilities found in OMI have opened the door for RCE (Remote Code Execution) attacks from malicious parties. And if you're an Azure user operating on a Linux setup with a service such as Azure Diagnostics or Azure Automation enabled, that means you have OMI on your Virtual Machine.
Microsoft, aware of the issues, has released an updated version of OMI that hopes to fix the aforementioned problems. Here's the wrinkle: It can't auto-update vulnerable extensions for the customer. They'll need to do that themselves.
"Customers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available per schedule outlined in table below," Microsoft said in its blog post on the subject. You can read the post for expanded details and the full scoop on how Azure Linux users are affected.
As spotted by The Register, security experts appear to be displeased with the current situation.
They’ve also failed to update their own systems in Azure to install the patched version on new VM deployments. It’s honestly jaw dropping.They’ve also failed to update their own systems in Azure to install the patched version on new VM deployments. It’s honestly jaw dropping.— Kevin Beaumont (@GossiTheDog) September 16, 2021September 16, 2021
For those of you who have read this far and still aren't sure how this all pertains to your personal computing activities, feel free to disregard everything here and focus on other Microsoft news, such as the impending launch of Windows 11.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.