Azure forces the install of an agent on Linux VMs, which contained a vulnerability
that would grant root RCE if an attacker could send a web request to them. Initially,
Microsoft did not update the agent automatically, and so customers had to patch manually,
but a few days later they began patching some services remotely.
Customers must update vulnerable extensions for their cloud and on-premises deployments.
New VMs in a region are protected from these vulnerabilities as they are created.
For cloud deployments, Microsoft has deployed the updates to extensions across Azure regions.
The automatic extension updates were transparently patched without a reboot.
Where possible, customers should ensure that automatic extension updates are enabled.
CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, CVE-2021-38649