OMIGOD Patching

A 30 second guide to manually patching the OMIGOD vulnerability (September 2021) in Azure-hosted Linux Virtual Machines.

In September 2021 Microsoft released patches to protect against a vulnerability in the “Open Management Infrastructure” (OMI) package often installed on Linux VMs, particularly those hosted in Azure. The researchers involved in uncovering the bug dubbed it “OMIGOD”.

This quick guide covers how to manually check and update the omi package to patch against this vulnerability. I’ve based these instructions around Ubuntu, which uses the apt package manager. If you are a RedHat etc user then use the equivalent yum commands.

  1. Check if the omi package is installed and get the version. Anything less than 1.6.8.1 is vulnerable.
1apt list --installed | grep omi
  1. If you haven’t already included the Microsoft patch repository, add it now. These instructions are for Ubuntu 18.04, check out docs.microsoft.com for other operating systems.
1curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
2sudo apt-add-repository https://packages.microsoft.com/ubuntu/18.04/prod
3sudo apt-get update
  1. Update the omi package, press “Y” when prompted.
1sudo apt-get upgrade omi
  1. Finally check the new version of omi is installed.
1apt list --installed | grep omi