Sep 18 2021

‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t

Category: Security Operations Center,Windows SecurityDISC @ 10:47 pm

Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability, snappily named OMIGOD. But wait! You probably don’t know whether you’re using OMI or not.

Y’see, Open Management Infrastructure (OMI) is often silently installed on Azure—as a prerequisite. And, to make matters worse, Microsoft hasn’t rolled out the patch for you—despite publishing the code a month ago. So much for the promise of ‘The Cloud.’

What a mess. In today’s SB Blogwatch, we put the “mess” into message.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Difficult Hollywood.

OMI? DIY PDQ

What’s the craic? Simon Sharwood says—“Microsoft makes fixing deadly OMIGOD flaws on Azure your job”:

Your next step”
Microsoft Azure users running Linux VMs in the … Azure cloud need to take action to protect themselves against the four “OMIGOD” bugs in the … OMI framework, because Microsoft hasn’t. … The worst is rated critical at 9.8/10 … on the Common Vulnerability Scoring System.

Complicating matters is that running OMI is not something Azure users actively choose. … Understandably, Microsoft’s actions – or lack thereof – have not gone down well. [And it] has kept deploying known bad versions of OMI. … The Windows giant publicly fixed the holes in its OMI source in mid-August … and only now is advising customers.

Your next step is therefore obvious: patch ASAP.

‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t

Tags: Azure Critical Bugfix