Control: 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied
It is recommended that the latest OS patches be applied to all virtual machines. The Azure Security Center retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows VM. The security center also checks for the latest updates in Linux systems. If a VM is missing a system update, the security center will recommend that system updates be applied.
Windows and Linux virtual machines should be kept updated to:
- Fix a security vulnerability
- Improve an OS or application’s general stability
- Address a specific bug or flaw
Perform the following actions to check that the latest OS patches are applied on the VM:
- Go to Security Center - Recommendations.
- Ensure that there are no recommendations available for Apply system updates.
Follow Microsoft Azure documentation to apply security patches from the security center - Security-benchmarks
- By default, patches are not automatically deployed.
- You can deploy your own patch assessment and management tool to periodically assess, report and install the required security patches for your OS.
steampipe check azure_compliance.control.cis_v130_7_5
This control uses a named query: manual_control