Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively.