Security News > 2021 > September > WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job

WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job
2021-09-17 04:58

Microsoft Azure users running Linux VMs in the company's Azure cloud need to take action to protect themselves against the four "OMIGOD" bugs in the Open Management Infrastructure framework, because Microsoft hasn't raced to do it for them.

As The Register outlined in our report on this month's Patch Tuesday release, Microsoft included fixes for flaws security outfit Wiz spotted in OMI. Wiz named the four flaws "OMIGOD" because they are jaw-droppers.

The worst is rated critical at 9.8/10. Complicating matters is that running OMI is not something Azure users actively choose.

"As Wiz explained:"When customers set up a Linux virtual machine in [Azure], the OMI agent is automatically deployed without their knowledge when they enable certain Azure services.

Bad formatting means the table is wider than the section of Microsoft's web page, so rather a lot of lateral and vertical scrolling is required to learn that automatic updates have been enabled for six of the Azure services impacted by the bugs.

They've also failed to update their own systems in Azure to install the patched version on new VM deployments.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/17/microsoft_manual_omigod_fixes/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399