What you need to know
- Recently exposed Azure Linux vulnerabilities leave users vulnerable to having their Azure environments infiltrated by attackers.
- These bugs, dubbed OMIGOD (a reference to the Open Management Infrastructure software agent), are found in OMI, which is installed on Virtual Machines (VMs) when a number of popular Azure services are enabled.
- While Microsoft has released a patched version of OMI, the responsibility of installing said update falls on the user.
Azure Linux administrators, it's time to get patching. In response to the recent OMIGOD vulnerabilities, Microsoft has released an updated version of OMI, but you'll need to upgrade on your own (via BleepingComputer). Here's the full scoop.
OMIGOD vulnerabilities are named after OMI, an acronym that stands for the Open Management Infrastructure software agent. The OMIGOD vulnerabilities found in OMI have opened the door for RCE (Remote Code Execution) attacks from malicious parties. And if you're an Azure user operating on a Linux setup with a service such as Azure Diagnostics or Azure Automation enabled, that means you have OMI on your Virtual Machine.
Microsoft, aware of the issues, has released an updated version of OMI that hopes to fix the aforementioned problems. Here's the wrinkle: It can't auto-update vulnerable extensions for the customer. They'll need to do that themselves.
"Customers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available per schedule outlined in table below," Microsoft said in its blog post on the subject. You can read the post for expanded details and the full scoop on how Azure Linux users are affected.
As spotted by The Register, security experts appear to be displeased with the current situation.
They’ve also failed to update their own systems in Azure to install the patched version on new VM deployments. It’s honestly jaw dropping.They’ve also failed to update their own systems in Azure to install the patched version on new VM deployments. It’s honestly jaw dropping.— Kevin Beaumont (@GossiTheDog) September 16, 2021September 16, 2021
For those of you who have read this far and still aren't sure how this all pertains to your personal computing activities, feel free to disregard everything here and focus on other Microsoft news, such as the impending launch of Windows 11.
