Endpoint Vulnerability

Microsoft: Azure SSH Keypairs Security Feature Bypass Vulnerability


A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init. Extraneous Microsoft service public keys can be unexpectedly added to the VM authorized keys file in the limited scenarios described in 4491476. For more information on how to know if you are affected and how to protect yourself, please see 4491476. This update addresses this vulnerability by preventing these keys from being added.

Affected Products