At Microsoft we are continuously working to harden our environment and make it easier for customers and partners to apply patches and updates. Monthly, Microsoft issues several updates during what is commonly referred to as “Patch Tuesday.” During Patch Tuesday, Microsoft assigns Common Vulnerabilities and Exposures (CVE) numbers to cloud-based vulnerabilities when there is a specific message that we want to send about necessary action to take, either by our customers to protect themselves or by the industry to protect the ecosystem.
When Microsoft issues a CVE, there is almost always action required to be taken by the customer. In instances where customer action is required, Microsoft understands each customer has their own process and timeframe for applying updates. However, we recommend applying all updates as soon as possible.
As part of June’s “Patch Tuesday,” we issued CVE-2022-29149 to address a local Elevation of Privilege in Azure Open Management Infrastructure (OMI).
Over the past year, our team has been developing an Automatic Extension Upgrade feature, and we are excited to announce the availability of this capability for the Azure Log Analytics agent and Diagnostics extension for Linux.
Background
The Azure Log Analytics agent for Linux (aka OMS agent) and Diagnostics Extension for Linux (aka LAD agent) collect telemetry from Linux virtual machines. The OMS agent works in any cloud, on-premises machines, and machines monitored by System Center Operations Manager. Collected data is sent to your Log Analytics workspace in Azure Monitor. The Log Analytics agent also supports insights and other services in Azure Monitor such as VM insights, Microsoft Defender for Cloud, and Azure Automation. The LAD agent collects the same data types as OMS, but can send the collected data to a variety of data destinations, such as Azure Storage, Metrics, and Event Hub.
New Feature
On Azure Virtual Machines (VMs), the OMS and LAD agents could be installed as a virtual machine extension. Now, you can let the extension automatically update by turning on the “Automatic Extension Upgrade” option for the extensions. You can do this by setting the flag to true via API, CLI or PowerShell as documented here for OMS and here for LAD.
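To find VMs where the flag is still off, the check below walks an exported extension inventory and reports OMS and LAD extensions whose `enableAutomaticUpgrade` property is not true. It is an added example, not Microsoft's code; the inventory layout, the function name `audit_extensions` and the sample VM names and versions are assumptions made for illustration.

```python
import json

# Publisher/type pairs of the two extensions this page covers.
TARGETS = {
    ("microsoft.enterprisecloud.monitoring", "omsagentforlinux"): "OMS",
    ("microsoft.azure.diagnostics", "linuxdiagnostic"): "LAD",
}

def audit_extensions(inventory):
    """List OMS/LAD extensions whose enableAutomaticUpgrade flag is not true.

    inventory: dict mapping VM name -> list of extension resources (ARM JSON).
    """
    findings = []
    for vm, extensions in sorted(inventory.items()):
        for ext in extensions:
            # ARM nests the fields under "properties"; a flattened record with
            # "typePropertiesType" is also accepted (assumed export shape).
            props = ext.get("properties") or ext
            ext_type = ext.get("typePropertiesType") or props.get("type", "")
            key = (str(props.get("publisher", "")).lower(), str(ext_type).lower())
            agent = TARGETS.get(key)
            if agent is None:
                continue  # not one of the two agents in scope
            # autoUpgradeMinorVersion is a different setting and does not count;
            # an absent flag is treated as disabled.
            flag = props.get("enableAutomaticUpgrade")
            if flag is not True:
                findings.append((vm, agent, props.get("typeHandlerVersion"), flag))
    return findings

# Constructed sample inventory (VM names and versions are made up).
SAMPLE = json.loads("""
{
  "vm-web-01": [{"name": "OmsAgentForLinux", "properties": {
      "publisher": "Microsoft.EnterpriseCloud.Monitoring", "type": "OmsAgentForLinux",
      "typeHandlerVersion": "1.0", "autoUpgradeMinorVersion": true}}],
  "vm-db-01": [{"name": "LinuxDiagnostic", "properties": {
      "publisher": "Microsoft.Azure.Diagnostics", "type": "LinuxDiagnostic",
      "typeHandlerVersion": "4.0", "enableAutomaticUpgrade": true}}],
  "vm-app-01": [{"name": "lad", "publisher": "Microsoft.Azure.Diagnostics",
      "typePropertiesType": "LinuxDiagnostic", "typeHandlerVersion": "4.0",
      "enableAutomaticUpgrade": false}]
}
""")

if __name__ == "__main__":
    for vm, agent, version, flag in audit_extensions(SAMPLE):
        print(f"{vm}: {agent} extension {version} has enableAutomaticUpgrade={flag}")
```

On the sample, `vm-web-01` is reported even though `autoUpgradeMinorVersion` is set, because only an explicit `enableAutomaticUpgrade: true` satisfies the recommendation.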
Security Recommendations
We strongly recommend enabling automatic updates for the OMS agent and LAD agent as soon as possible.
- For the longer term, we recommend migrating to the Azure Monitor agent, which is not dependent on OMI. As communicated previously, the Log Analytics agent is on a deprecation path and will no longer be supported after August 31, 2024. As such, you must migrate to the new Azure Monitor agent prior to that date. We also plan to bring the capabilities of the Diagnostics Extension for Linux (LAD) to Azure Monitor Agent at a later date.
- This update ensures that customers get important security or performance updates to the extension as soon as possible without manual overhead.
As always, we welcome feedback from customers and partners which supports our efforts to continuously harden our products and services. We want to thank the Wiz team for their collaboration and commitment to helping make Azure customers more secure.