VM Auto Update Disabled

Risk Level: Medium

Description

This plugin guarantees that Virtual Machine Auto Update is enabled for virtual machines. The security risk of missing security patches is minimized by enabling Auto Update on Azure virtual machines.

About the Service

Azure Virtual Machine:

Azure Virtual Machines (VM) is one of several forms of scalable, on-demand computing resources offered by Azure. VMs are typically used when you require more control over the computing environment than the other options provide. This article explains what you should think about before creating a virtual machine, how to construct one, and how to administer one. For more information, click here.

Impact

Empowering Auto Update on Azure virtual machines diminishes the security hazard of missing security patches. This module guarantees that VM Auto Update is empowered for virtual machines. The issue is due to the disability of automatic updates of virtual machines. The remediation step would be to enable the VM auto-update on all the Virtual Machines to reduce the security risk of missing security patches.

Steps to Reproduce

In order to determine if VM auto-update is enabled on all the Azure Virtual Machines, follow the steps given below:

Using Azure Console-

1. Firstly, sign in to the Azure Management Console with your registered organization email address.
2. Under Azure Services, choose Subscriptions.
   
3. A new Subscription page will be opened up. Choose the subscription for which the issue has to be examined.
   
4. Now, in the Filter Type Box, search for Virtual Machines.
   
5. Click on the Virtual Machines nav link. A list of all the virtual machines (VMs) in your selected subscription will be displayed on the screen.
   
6. Click on the Name of the Virtual Machine, for which you want to examine.
7. A detailed view of your selected virtual machine will be displayed. Now, in the navigation panel, under the Operations, click on the Guest + Host updates blade.
   
8. A new Guest + Host updates page will appear on the screen.
   
9. Click on the Go To Update Management button present at the bottom of the Update management section.
   
10. An Update Management page will appear. Check if the VM Auto Update is enabled for the selected Virtual Machine. If the VM Auto Update is enabled then that would reduce the security risk of missing security patches.
11. Follow the steps above, for other Azure Virtual Machines (VMs) in the current subscription as well as in other subscriptions in your Azure Cloud.

Steps for Remediation

In order to enable the Auto Update  in the selected Virtual Machine for your Azure cloud account, follow the steps given below:

Using Azure Console-

1. Firstly, sign in to the Azure Management Console with your registered organization email address.
2. Under Azure Services, choose Subscriptions.
   
3. A new Subscription page will be opened up. Choose the subscription for which the issue has to be examined.
   
4. Now, in the Filter Type Box, search for Virtual Machines.
   
5. Click on the Virtual Machines nav link. A list of all the virtual machines (VMs) in your selected subscription will be displayed on the screen.
   
6. Click on the Name of the Virtual Machine, for which you want to examine.
7. A detailed view of your selected virtual machine will be displayed. Now, in the navigation panel, under the Operations, click on the Guest + Host updates blade.
   
8. A new Guest + Host updates page will appear on the screen.
   
9. Click on the Go To Update Management button present at the bottom of the Update management section.
   
10. An Update Management page will appear. Select the details for Automation Account, now click on the Enable button to enable the Update Management. 
    
11. Follow the steps above, for other Azure Virtual Machines (VMs) in the current subscription as well as in other subscriptions in your Azure Cloud.