Using SCOM or Azure to monitor or manage Linux/Unix systems? Read on!
Recently a number of serious vulnerabilities have been found in the OMI framework (Open Management Infrastructure), which is used as the underlying management infrastructure for managing and monitoring Linux/Unix systems. Examples are the SCOM and Log Analytics agents for these systems in Azure and on-prem, as well as DSC and Azure Automation State Configuration. Any OMI version lower than 1.6.8-1 is at risk and should be patched. Version 1.6.8-1 was released in September 2021 and is the version to use (or a higher one, of course, once released).
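To turn the "1.6.8-1 or higher" rule into a repeatable check, here is a small POSIX shell script. It is an added example and not part of this post or of Microsoft's OMI project; it assumes the package is registered as "omi" in dpkg or rpm and that version strings look like 1.6.8-1 (rpm) or 1.6.8.1 (dpkg), so both separators are treated alike. The comparison is done on numeric fields rather than with a plain string compare, so that 1.6.10 is correctly seen as newer than 1.6.8.

```shell
#!/bin/sh
# Added example (not from the original post or the OMI project): report whether
# the installed OMI package is at or above the fixed release named in the advisory.
# Assumptions: the package is called "omi" in dpkg/rpm, and versions are written
# MAJOR.MINOR.PATCH-RELEASE (rpm style, 1.6.8-1) or MAJOR.MINOR.PATCH.RELEASE
# (dpkg style, 1.6.8.1). A missing release field is treated as 0.

FIXED_OMI_VERSION="1.6.8-1"

# omi_version_key VERSION
# Print a single integer that orders versions correctly: each of the four fields
# gets three decimal digits, so 1.6.8-1 becomes 1006008001. Non-numeric suffixes
# and missing fields are converted to 0 by awk's %d conversion.
omi_version_key() {
    printf '%s\n' "$1" | awk -F'[.-]' \
        '{ printf "%d\n", (($1 * 1000 + $2) * 1000 + $3) * 1000 + $4 }'
}

# omi_version_is_fixed VERSION
# Exit 0 when VERSION is 1.6.8-1 or newer, 1 when it is older.
omi_version_is_fixed() {
    [ "$(omi_version_key "$1")" -ge "$(omi_version_key "$FIXED_OMI_VERSION")" ]
}

# installed_omi_version
# Print the locally installed OMI package version, or exit 1 if none is found.
# Output is captured into a variable first so that a "not installed" message
# from the package manager is never mistaken for a version string.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' omi 2>/dev/null) && { printf '%s\n' "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}' omi 2>/dev/null) && { printf '%s\n' "$v"; return 0; }
    fi
    return 1
}

# omi_check_report [VERSION]
# With an argument, evaluate that version string (e.g. one pasted from another
# host); without one, query the local package manager.
# Exit status: 0 = patched or not installed, 2 = vulnerable (handy for automation).
omi_check_report() {
    if [ -n "${1:-}" ]; then
        ver="$1"
    elif ! ver=$(installed_omi_version); then
        echo "omi package not installed on this host"
        return 0
    fi
    if omi_version_is_fixed "$ver"; then
        echo "omi $ver: at or above $FIXED_OMI_VERSION, patched"
        return 0
    fi
    echo "omi $ver: below $FIXED_OMI_VERSION, VULNERABLE - update per the MSRC advisory"
    return 2
}

# Usage: sh omi-check.sh            (checks this host)
#        sh omi-check.sh 1.6.4-1    (evaluates a pasted version string)
omi_check_report "$@"
```

Run it on each Linux/Unix host that carries the SCOM, Log Analytics or DSC agent, or feed it the version strings collected by your inventory tooling; an exit status of 2 flags hosts that still need the updated packages.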
The advisory page
On the Microsoft Security Response Center site there is a page dedicated to this issue, titled Additional Guidance regarding the OMI Vulnerabilities. I have linked it here.
On that page you can find the latest news, the links to the CVE pages for each vulnerability involved, which versions of OMI are vulnerable, how to determine if VMs are impacted, what you can do to protect yourself, and so on. There is also a table listing the different extensions, packages and agents relating to OMI and what you can do for each.
Today the table does not show up right; I have noticed there are 6 columns and I can see only 4. Just select a piece of text in the table and scroll to the right and you will see the other columns. The last column has links to update packages and procedures for the different situations and packages. And yes, some of that is on GitHub as updated packages.
Advice
Please read the advisory carefully to see if you are impacted and what you can do to patch this (or confirm if Microsoft is patching it for you in some Azure-based cases).
For example, if you are a SCOM user and are monitoring Linux/Unix machines using the OMI agent (SCOM 2016 and higher), there are updated OMI packages on GitHub at microsoft/omi: Open Management Infrastructure.
Update 21 Sept 2021: For SCOM 2019 the new set of MPs containing the fix can be downloaded here: Download System Center 2019 Management Pack for UNIX and Linux Operating Systems from Official Microsoft Download Center. This is the best way to get the agents, and the underlying OMI components they ship with, up to date and fixed.
Good luck with the mitigations!
Bob Cornelissen