Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Azure Linux is a public computing platform developed by Microsoft that businesses can use for tasks like app development, analytics, virtual computing, networking, storage, and more. Linux is used more on Azure than Windows servers because of Azure’s ability to run big workloads.
On the other hand, the Windows Subsystem for Linux (WSL) permits developers to run Linux directly on Windows. It’s a lighter alternative to Virtual Machines, which is why it’s popular.
Despite the popularity of Azure Linux and WSL, there are some security risks that you must be aware of, like the Firewall bypass and unauthorized access to root privileges. While you can quickly address these by using third-party Azure security tools, it is best to understand them first, so you can apply the appropriate solutions to mitigate them. This article will evaluate the security of Azure Linux and WSL and offer tips and best practices for securing Azure Linux and WSL.
What Is Azure Linux?
Azure Linux is a cloud-hosted operating system based on the open-source Linux OS. Azure gives you a space to host your Linux OS. You can upload your preferred Linux OS image to run community-supported Linux distributions on Azure. Alternatively, you can choose from the numerous Linux workloads in Azure Marketplace.
It’s a cost-effective and straightforward platform to deploy and scale web apps. Notably, you only pay for features you want to use, making it an affordable option for many users. Moreover, it can scale up or down depending on changing needs and monitor resources.
The prevalence of Linux on Azure has been rising steadily. In 2016, only one in four instances on Azure were Linux. In 2017, the figure had climbed to 40%. In 2018, it increased to 50%, and by June 2019, Linux usage on Azure had surpassed Windows. It now dominates Microsoft’s cloud platform. The rising popularity is partly because of Linux’s open-source licensing, which every developer can benefit from.
Azure is a highly secure platform owing to Microsoft’s multi-layered security facilitated by state-of-the-art data centers spread across the globe and its team of more than 3,500 cybersecurity experts. Besides built-in security solutions, you can seamlessly integrate third-party solutions and beef up security. Moreover, Microsoft continuously analyzes billions of web pages, emails, device updates, and authentications to help detect threats faster.
What is Windows Subsystem for Linux (WSL)?
Windows Subsystem for Linux (WSL) is a Microsoft-developed tool that allows users to run Linux natively on Windows without needing a dual-boot setup. The technology used in WSL primarily comes from Project Astoria, which was used to run Android apps on Windows 10 Mobile. WSL was first released in August 2016, with the initial version supporting only Ubuntu. It now supports several Linux distros: you can download distributions like Ubuntu, Debian, Gentoo, or Fedora from the app store, then install and run them on your Windows PC.
It’s designed to give developers an unbeatable Linux experience despite using Windows as their primary OS. You can also run native Linux apps on Windows much easier than it would have been if you were using dual-boot or virtual machines. It’s a perfect way for Windows users to learn Linux. Moreover, most laptops and PCs come with Windows preinstalled. So, WSL is a welcome shortcut to having a Linux computer.
WSL comes in two versions, WSL1 and WSL2. The latter is the current version, released in 2019. It uses the most advanced virtualization technology to run a real Linux kernel within a lightweight virtual machine. WSL2 adds features over WSL1 that are meant to increase performance and provide full system call compatibility.
WSL is growing popular among developers, with a recent survey by Stack Overflow revealing that 15% of developers use WSL. Other reports show it’s installed in more than 3.5 million monthly active devices.
Notable Azure Linux And WSL Security Issues
Below is an outline of significant security vulnerabilities of Azure Linux and WSL.
OMIGOD
OMIGOD (as dubbed by Wiz) is a set of vulnerabilities discovered in September 2021 in Microsoft’s Open Management Infrastructure (OMI) project. When you run Azure Linux, the OMI agent is silently deployed. Failure to apply the patch allows attackers to gain root privileges and remotely execute malicious code; for example, they can encrypt your files and deny you access until you pay a ransom. Surprisingly, 65 percent of Azure Linux users were found to be vulnerable.
However, Microsoft fixed these vulnerabilities, and you should run OMI version 22.214.171.124 or later to stay safe.
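A patch-level check for the OMI agent on an Azure Linux VM, written for this article as an added example (it is not Microsoft's or Wiz's code). It assumes the agent is packaged as `omi` on Debian/Ubuntu and RPM-based images, and the minimum version it compares against is a placeholder you take from Microsoft's OMIGOD advisory.

```bash
#!/usr/bin/env bash
# Added example: check that the OMI agent on an Azure Linux VM is at or
# above a minimum patched version. Assumes the package is named "omi"
# (Debian/Ubuntu and RPM-based images); the minimum version is a
# placeholder you take from Microsoft's OMIGOD advisory.

# Compare two dotted/dashed version strings component by component.
# Returns 0 (true) when $1 >= $2, e.g. version_ge 1.6.9.0 1.6.8.1
version_ge() {
    local -a a b
    IFS='.-' read -ra a <<< "$1"
    IFS='.-' read -ra b <<< "$2"
    local i n=$(( ${#a[@]} > ${#b[@]} ? ${#a[@]} : ${#b[@]} ))
    for ((i = 0; i < n; i++)); do
        # missing components count as 0; drop non-digit suffixes
        # so a distro revision like "1ubuntu2" compares as 1
        local x=${a[i]:-0} y=${b[i]:-0}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        if (( 10#${x:-0} > 10#${y:-0} )); then return 0; fi
        if (( 10#${x:-0} < 10#${y:-0} )); then return 1; fi
    done
    return 0
}

# Print the installed OMI package version (Debian epoch stripped),
# or nothing when the package is not installed.
installed_omi_version() {
    local v=""
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' omi 2>/dev/null) || v=""
    elif command -v rpm >/dev/null 2>&1 && rpm -q omi >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' omi) || v=""
    fi
    printf '%s' "${v#*:}"
}

# Exit 0 when OMI is absent or patched, 1 when an unpatched OMI is present.
check_omi() {
    local min=${1:?minimum patched OMI version required} have
    have=$(installed_omi_version)
    if [ -z "$have" ]; then
        echo "OMI is not installed; nothing to patch"; return 0
    elif version_ge "$have" "$min"; then
        echo "OMI $have meets minimum $min"; return 0
    fi
    echo "OMI $have is older than $min: update the omi package"; return 1
}

# Stand-alone use: ./omi_check.sh <MIN_OMI_VERSION from the advisory>
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ $# -gt 0 ]; then check_omi "$1"; fi
```

Run it from a configuration-management job on every Azure Linux VM and alert on a non-zero exit; the version strings in the comments are illustrative, not the advisory's value.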
FabricScape
The Service Fabric (SF) platform hosts millions of business apps, including Azure Linux workloads. The vulnerability, dubbed FabricScape, allows cybercriminals to gain root privileges, take control of the host node, and overwrite files with harmful content. It was discovered in January 2022 and fixed five months later, in June 2022.
There’s no need for further remedial action if you’ve enabled automatic updates on Linux clusters. However, if you run Azure Linux without automatic updates, you’d better upgrade to the latest SF version as soon as possible.
WSL-Based Malware
Researchers have detected more than 100 WSL-based malware samples in recent years. Most of them spy on users’ information and secretly install malicious modules. Notably, some samples use Telegram to give attackers unauthorized access to the system. Given their low detection rates, hackers are capitalizing on them and inflicting more harm on unsuspecting Linux users. An excellent approach to defending your system against such malware is to inspect the system closely for suspicious activity.
Windows 10 Firewall Bypass
Unlike WSL1, WSL2 completely bypasses the Windows 10 Firewall and all rules configured in it. This was discovered after Virtual Private Network (VPN) users, who block internet access unless the VPN is connected, realized that WSL2 could still reach the internet. Because WSL2 does not honor your Firewall rules, your system may be exposed to risks. Luckily, you can use some commands to block those connections.
Security Implications That WSL Users Should Be Aware Of: How Secure is WSL?
WSL users debate whether using the platform creates unwarranted security risks. Besides the above vulnerabilities, it’s worthwhile to note that running sensitive apps on WSL is less secure than running the same apps on Windows or Linux systems.
Additionally, there is potential theft of sensitive data from Linux apps running on WSL, and most antivirus programs may not be able to detect these threats. Nevertheless, that doesn’t make WSL less safe for critical business applications.
It’s as secure as any other app running on your Windows OS. If you have malicious code running on Windows, your WSL might be compromised. Therefore, you must ensure that your Windows OS is threat-free, so you can comfortably run WSL.
Best Practices for Securing Azure Linux & WSL
Software developers work around the clock to mitigate the security vulnerabilities typical of Azure Linux and WSL. Below are some best practices you should implement to make Azure Linux and WSL more secure:
- You can achieve an advanced level of security by using third-party Azure security tools, which enhance monitoring and remediation capabilities.
- When creating custom virtual images, update your operating system to the latest version. Do the same for all other apps you’ll include in the image.
- You can implement a business continuity and disaster recovery strategy to keep your data safe during unprecedented outages.
- Use Azure Backup to facilitate recovery if your data gets corrupted due to application errors or bugs.
- Use Azure Disk Encryption to make your data unreadable to hackers who may access your system without authorization.
- Use sophisticated antimalware from trusted vendors like Microsoft, Symantec, or Kaspersky to protect your system from threats.
- Use Azure Key Vault to securely store your keys and ensure only authorized people can access the vault.
- Use just-in-time (JIT) VM access to restrict inbound traffic through management ports.
- Set up appropriate rules in network security groups to screen traffic flowing in and out of your system.
- You can take advantage of Azure Security Center to identify and quickly mitigate threats. Fundamentally, Security Center consolidates all security alerts, enabling you to see them in one place and respond accordingly. Moreover, it presents a detailed account of each security threat and recommendations for reducing the risk. Microsoft also investigates the threats reported in Azure Security Center and analyzes the frequency of attacks, and can use that data to notify Azure Linux users when they are attacked.
- Use Azure Sentinel to collect security data and activities for analysis and threat hunting.
- Install Microsoft Defender for Endpoint, which utilizes endpoint behavioral sensors to collect and analyze behavioral signals from the OS. Whenever it detects a threat, the system sends alerts to a Microsoft analyst, who analyzes the risks and offers appropriate remediation steps. A typical response is disconnecting the compromised device from the network while maintaining a connection to Microsoft Defender for Endpoint to allow further monitoring. You shouldn’t run other third-party endpoint protection solutions alongside Microsoft Defender for Endpoint on Linux because it might compromise performance.
Microsoft has a wide range of security tools and features to ensure you stay safe from threats while using Azure Linux and Windows Subsystem for Linux. Coupled with third-party security tools, you can mitigate your risk of attacks while using these applications.
Azure Linux and WSL are highly valuable tools that revolutionize how developers work with Linux. Instead of having a dedicated Linux desktop, you can use the OS via the cloud or on your Windows computer. However, they open up new attack surfaces that hackers capitalize on to access your system for malicious reasons. Luckily, the tips herein show you how to mitigate typical security vulnerabilities. We strongly recommend that you implement them to help secure your system against attacks leading to compromise.