Azure forces the install of an agent on Linux VMs, which contained a vulnerability that allowed privilege escalation
(note that this vulnerability is different than OMIGOD, which also resided in the OMI agent).
Azure Automation, Azure Diagnostics, Azure HDInsight, Azure Stack Hub
In some cases no manual action is required, but for most Azure services, customers must manually patch the OMI agent.
See Microsoft's advisory (linked in references) for further details on how to update in each case.