Microsoft’s latest guidelines recently revealed OMI vulnerability Responsible for applying multiple affected patches Blue Service.
ns September Patch Tuesday The bundle contains four fixes for the zero-day vulnerability. open source A software agent called Open Management Infrastructure (OMI). It will automatically expand internally. Linux virtual machine (VM) when the user enables a particular Azure service.
However, instead of patching all affected Azure services, Microsoft give an advice Six of them will be updated, but the other seven say they need to update themselves.
We’re investigating how our readers are using VPNs on streaming sites like Netflix, so we can improve our content and offer better advice. This survey takes less than 60 seconds. If you can share your experience we would appreciate it.
>> Click here to start survey in new window
“Customers need to update vulnerable extensions in cloud and on-premises deployments when updates are available according to the schedule outlined in the table below … Automatic Updates is turned on. For cloud deployments, Microsoft Azure regions Will aggressively deploy updates to extensions in the U.S. Read the schedule and advice in the table below.
high and dry
register He points out that Microsoft’s response to the situation isn’t working out well for security researchers.
“I could not update my own system in Azure to install the patched version on the new VM deployment. To be honest, my chin drops.” Tweet Security researcher Kevin Beaumont.
It didn’t take long for researchers to discover vulnerable instances as Microsoft left it up to users to patch the affected services.
“There are 56 known public services around the world that are most likely to be vulnerable to this issue, including major medical institutions and two major entertainment companies.” i have written Security vendor Sensys after making an impact assessment.
Although seemingly small in number, Sensys may have required deliberate efforts to expose OMIs to the Internet, perhaps because OMI services respond to such scans. I think it is.
In any case, exploit the vulnerability”funny simple tricksAccording to Sophos, security researchers are urging users to patch services that use insecure OMIs in Azure deployments without delay.
According to Microsoft, Azure users will have to address these concerns about security flaws themselves.
source link According to Microsoft, Azure users will have to address these concerns about security flaws themselves.