Azure Virtual Machines

VM Unapproved Extensions

Risk Level: High 

Description

This plugin ensures that only approved virtual machine extensions are installed. Extensions are small applications that provide post-deployment configuration and automation on Azure VMs. Installed extensions should be approved by the organization to meet its security requirements.

Configuration Parameters

Approved VM extensions: This parameter is a comma-separated list of approved extension names. If an extension that is not in this list is installed on the Virtual Machine, an alert will be generated.

By default, the value is empty, and it will not report any vulnerability.

About the Service

Azure Virtual Machine:

Azure Virtual Machines (VM) is one of several forms of scalable, on-demand computing resources offered by Azure. VMs are typically used when you require more control over the computing environment than the other options provide. This article explains what you should think about before creating a virtual machine, how to construct one, and how to administer one.

Impact

To follow security best practices and meet compliance requirements, every organization needs to maintain a set of approved software by carefully evaluating Azure virtual machine (VM) extensions and ensuring that only those approved for use are actually installed.

Steps to Reproduce

In order to determine if the selected Azure Virtual Machine has only the approved extensions installed, follow the steps given below:

Using Azure Console-

  1. Firstly, sign in to the PingSafe account, and access the Install Approved Extensions only settings for Azure Cloud. Now, search for the installed extensions for Virtual Machine Azure Services. This will give a list of all the approved extensions by PingSafe.
  2. Now, sign in to the Azure Management Console with your registered organization email address.
  3. Under Azure Services, choose Subscriptions.
  4. A new Subscription page will be opened up. Choose the subscription for which the issue has to be examined.
  5. Now, in the Filter Type Box, search for Virtual Machines.
  6. Click on the Virtual Machines nav link. A list of all the virtual machines (VMs) in your selected subscription will be displayed on the screen.
  7. Click on the Name of the Virtual Machine that you want to examine.
  8. A detailed view of your selected virtual machine will be displayed. Now, in the navigation panel, under the Settings, click on the Extensions + applications blade.
  9. A new Extensions and Applications page will appear on the screen with a list of all the extensions installed in the selected Virtual Machine.
  10. Compare the list obtained in step 8 with the list obtained in step 1. If one or more extensions installed on the VM are not found in the organization's approved extensions, then the selected VM has software extensions that are not approved.
  11. Repeat the steps above for other Azure Virtual Machines (VMs) in the current subscription as well as in other subscriptions in your Azure Cloud.
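
The comparison in step 10, together with the "Approved VM extensions" parameter semantics described above (comma-separated names, empty list reports nothing), can be scripted as follows. This is an added example, not PingSafe's code: the function names, the case-insensitive matching and the sample records (shaped like `az vm extension list` JSON output) are assumptions.

```python
# Constructed sample: extension records for two VMs, shaped like the JSON that
# `az vm extension list` returns. Only `id` and `name` are used; values are made up.
_PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
           "rg-demo/providers/Microsoft.Compute/virtualMachines/")
SAMPLE_EXTENSIONS = [
    {"id": _PREFIX + "web-01/extensions/AzureMonitorLinuxAgent",
     "name": "AzureMonitorLinuxAgent"},
    {"id": _PREFIX + "web-01/extensions/CustomScript", "name": "CustomScript"},
    {"id": _PREFIX + "db-01/extensions/AzureMonitorLinuxAgent",
     "name": "AzureMonitorLinuxAgent"},
]


def parse_approved(param):
    """Parse the comma-separated parameter; blanks and stray spaces are ignored."""
    return {name.strip().lower() for name in param.split(",") if name.strip()}


def vm_name_from_id(resource_id):
    """Return the VM name segment that follows 'virtualMachines' in a resource ID."""
    parts = resource_id.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    try:
        return parts[lowered.index("virtualmachines") + 1]
    except (ValueError, IndexError):
        return "<unknown>"


def unapproved_extensions(extensions, approved_param):
    """Map each VM name to the installed extensions missing from the approved list."""
    approved = parse_approved(approved_param)
    if not approved:
        # Default behaviour described on the page: an empty list reports nothing.
        return {}
    findings = {}
    for ext in extensions:
        # Assumption: names are compared case-insensitively.
        if ext["name"].lower() not in approved:
            findings.setdefault(vm_name_from_id(ext["id"]), []).append(ext["name"])
    return findings


if __name__ == "__main__":
    report = unapproved_extensions(SAMPLE_EXTENSIONS,
                                   "AzureMonitorLinuxAgent, DependencyAgentLinux")
    for vm, names in report.items():
        print(f"{vm}: unapproved extensions: {', '.join(names)}")
```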

Steps for Remediation

In order to uninstall the unapproved software extensions running in the selected VM for your Azure cloud account, follow the steps given below:


Using Azure Console-

  1. Firstly, sign in to the Azure Management Console with your registered organization email address.
  2. Under Azure Services, choose Subscriptions.
  3. A new Subscription page will be opened up. Choose the subscription for which the issue has to be examined.
  4. Now, in the Filter Type Box, search for Virtual Machines.
  5. Click on the Virtual Machines nav link. A list of all the virtual machines (VMs) in your selected subscription will be displayed on the screen.
  6. Click on the Name of the Virtual Machine that you want to examine.
  7. A detailed view of your selected virtual machine will be displayed. Now, in the navigation panel, under the Settings, click on the Extensions + applications blade.
  8. A new Extensions and Applications page will appear on the screen with a list of all the extensions installed in the selected Virtual Machine.
  9. Compare the list obtained in step 8 with the list obtained in step 1 and find out the extensions which are not approved by your organization, as explained in the steps to reproduce.
  10. Select the extension which is not approved by your organization. A dialog box will appear with the details of the selected software extension. Choose the Uninstall option.
  11. Now, confirm your selection. This will uninstall the unapproved extension from the selected Virtual Machine.
  12. Repeat the steps above for other Azure Virtual Machines (VMs) in the current subscription as well as in other subscriptions in your Azure Cloud.