ALERT: Apply Microsoft Security Update for Azure Linux Open Management Infrastructure
Friday, September 17, 2021
The information below was sent to U-M IT groups on September 17, 2021. It is intended for U-M IT staff who are responsible for university servers running Azure Linux.
Remote code execution vulnerabilities have been discovered in Azure Linux Open Management Infrastructure (OMI). Microsoft has released updates to address the vulnerabilities, which should be applied as soon as possible after appropriate testing.
When a Linux virtual machine is set up in the cloud, the OMI agent is automatically and silently (without a user’s knowledge) deployed when certain Azure services are enabled. Attackers can exploit the vulnerabilities to escalate to root privileges and remotely execute malicious code (for example, encrypting files for ransom).
Azure Automatic Update
Azure Operations Management Suite (OMS)
Azure Log Analytics
Azure Configuration Management
Azure Container Insights
To determine whether or not your systems are impacted, refer to Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions. If applicable, apply the security updates from Microsoft as soon as possible after appropriate testing.
An attacker could use the vulnerabilities to take control of an affected system.
Open Management Infrastructure (OMI) is an open source project sponsored by Microsoft that is used extensively by Azure services. OMI operates similarly to Windows Management Infrastructure (WMI), but for UNIX/Linux systems.
OMI enables popular services for statistics and sync configurations, and is silently installed on the Virtual Machine, running at the highest privileges possible.The vulnerabilities include privilege escalation vulnerabilities that enable attackers to gain the highest privileges on a machine with OMI installed.
How We Protect U-M
ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ITS and in U-M units use the Falcon console to investigate and remediate issues.
Information for Users
In general, the best protection for your systems is to keep your software and apps up-to-date and to be sure CrowdStrike Falcon is installed on all university systems in your unit.
Please contact email@example.com to submit a ticket to the ITS Cloud Compute Services support team.