9.1.10 Ensure that Microsoft Defender for Cloud is configured to check VM operating systems for updates

Information

Ensure that the latest OS patches for all virtual machines are applied.

Windows and Linux virtual machines should be kept updated to:

- Address a specific bug or flaw
- Improve an OS or application's general stability
- Fix a security vulnerability

Microsoft Defender for Cloud retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows VM. The security center also checks for the latest updates in Linux systems. If a VM is missing a system update, the security center will recommend system updates be applied.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Follow Microsoft Azure documentation to apply security patches from the security center. Alternatively, you can employ your own patch assessment and management tool to periodically assess, report, and install the required security patches for your OS.

Impact:

Running Microsoft Defender for Cloud incurs additional charges for each resource monitored. Please see attached reference for exact charges per hour.

See Also

https://workbench.cisecurity.org/benchmarks/19304

Item Details

Category: RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|RA-5, 800-53|SI-2, 800-53|SI-2(2), CSCv7|3.4

Plugin: microsoft_azure

Control ID: 587b3ef30ad9a747b563cdfb454fabec853eb0913f29bda3d4c90e8cfffe7dbc