WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job

2021-09-17 04:58

Microsoft Azure users running Linux VMs in the company's Azure cloud need to take action to protect themselves against the four "OMIGOD" bugs in the Open Management Infrastructure framework, because Microsoft hasn't raced to do it for them.

As The Register outlined in our report on this month's Patch Tuesday release, Microsoft included fixes for flaws security outfit Wiz spotted in OMI. Wiz named the four flaws "OMIGOD" because they are jaw-droppers.

The worst is rated critical at 9.8/10. Complicating matters is that running OMI is not something Azure users actively choose.

"As Wiz explained:"When customers set up a Linux virtual machine in [Azure], the OMI agent is automatically deployed without their knowledge when they enable certain Azure services.

Bad formatting means the table is wider than the section of Microsoft's web page, so rather a lot of lateral and vertical scrolling is required to learn that automatic updates have been enabled for six of the Azure services impacted by the bugs.

They've also failed to update their own systems in Azure to install the patched version on new VM deployments.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/17/microsoft_manual_omigod_fixes/

#azure #microsoft #WTF

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		681	811	4530	4183	3708	13232