Microsoft to Azure Linux users: Patch this problem yourself

Microsoft Azure Hero 4
Microsoft Azure Hero 4 (Image credit: Microsoft)

What you need to know

  • Recently exposed Azure Linux vulnerabilities leave users vulnerable to having their Azure environments infiltrated by attackers.
  • These bugs, dubbed OMIGOD (a reference to the Open Management Infrastructure software agent), are found in OMI, which is installed on Virtual Machines (VMs) when a number of popular Azure services are enabled.
  • While Microsoft has released a patched version of OMI, the responsibility of installing said update falls on the user.

Azure Linux administrators, it's time to get patching. In response to the recent OMIGOD vulnerabilities, Microsoft has released an updated version of OMI, but you'll need to upgrade on your own (via BleepingComputer). Here's the full scoop.

OMIGOD vulnerabilities are named after OMI, an acronym that stands for the Open Management Infrastructure software agent. The OMIGOD vulnerabilities found in OMI have opened the door for RCE (Remote Code Execution) attacks from malicious parties. And if you're an Azure user operating on a Linux setup with a service such as Azure Diagnostics or Azure Automation enabled, that means you have OMI on your Virtual Machine.

Microsoft, aware of the issues, has released an updated version of OMI that hopes to fix the aforementioned problems. Here's the wrinkle: It can't auto-update vulnerable extensions for the customer. They'll need to do that themselves.

"Customers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available per schedule outlined in table below," Microsoft said in its blog post on the subject. You can read the post for expanded details and the full scoop on how Azure Linux users are affected.

As spotted by The Register, security experts appear to be displeased with the current situation.

For those of you who have read this far and still aren't sure how this all pertains to your personal computing activities, feel free to disregard everything here and focus on other Microsoft news, such as the impending launch of Windows 11.

CATEGORIES
Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.