Windows VM Without Automatic Updates
Description
Automatic updates are crucial for maintaining the security and performance of systems. Regular updates fix vulnerabilities that might otherwise be exploited, deliver security patches, and provide enhancements. For Windows Virtual Machines (VMs) and Virtual Machine Scale Sets in Azure, enabling automatic updates keeps these instances current with the latest patches from Microsoft.
This policy checks that Windows VMs and VM Scale Sets are configured with automatic updates enabled.
Code Example
```terraform
resource "azurerm_windows_virtual_machine" "example" {
  name                = "example-vm"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # ... other configurations ...
  enable_automatic_updates = true # add this argument
}

resource "azurerm_windows_virtual_machine_scale_set" "example" {
  name                = "example-vmss"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # ... other configurations ...
  enable_automatic_updates = true # add this argument
}
```
Remediation
Terraform
Resources:
- azurerm_windows_virtual_machine
- azurerm_windows_virtual_machine_scale_set
Argument:
- enable_automatic_updates
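The following is an added example, not part of this policy page and not Checkov's own implementation of CKV_AZURE_177: a small Python check that scans a Terraform file for the two resource types listed above and reports each one whose `enable_automatic_updates` argument is set to `false`. The HCL parsing is a brace-counting scan that assumes plain HCL without braces inside string literals, and the sample input is constructed for the example. One design assumption is stated in the code: a resource that omits the argument is reported as passing because the azurerm provider defaults it to `true`; confirm that default against the provider version you run before relying on it.

```python
"""Minimal policy check: flag Windows VMs and VM Scale Sets in Terraform
whose automatic updates are explicitly disabled.

Added example for this rule page; not Checkov's own code."""
import re

# Resource types covered by the rule (taken from the page).
CHECKED_TYPES = {
    "azurerm_windows_virtual_machine",
    "azurerm_windows_virtual_machine_scale_set",
}

_HEADER = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
_ATTR = re.compile(r'^\s*enable_automatic_updates\s*=\s*(true|false)\s*$', re.M)


def _block_body(text, start):
    """Return the text between the '{' at index `start` and its matching '}'.
    Counts nested braces; assumes no braces inside string literals."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def check_automatic_updates(hcl):
    """Return (resource_type, name, result) for every checked resource.

    'FAILED' when enable_automatic_updates = false, otherwise 'PASSED'.
    Assumption: an absent argument passes because the azurerm provider
    defaults it to true (verify against your provider version)."""
    results = []
    for m in _HEADER.finditer(hcl):
        rtype, name = m.group(1), m.group(2)
        if rtype not in CHECKED_TYPES:
            continue  # e.g. Linux VMs are out of scope for this rule
        body = _block_body(hcl, m.end() - 1)  # m.end() - 1 is the '{'
        attr = _ATTR.search(body)
        failed = attr is not None and attr.group(1) == "false"
        results.append((rtype, name, "FAILED" if failed else "PASSED"))
    return results


# Constructed sample input covering: explicit false, explicit true,
# argument omitted, and an out-of-scope resource type.
SAMPLE_HCL = """
resource "azurerm_windows_virtual_machine" "bad" {
  name = "bad-vm"
  os_disk {
    caching = "ReadWrite"
  }
  enable_automatic_updates = false
}

resource "azurerm_windows_virtual_machine" "good" {
  name                     = "good-vm"
  enable_automatic_updates = true
}

resource "azurerm_windows_virtual_machine_scale_set" "implicit" {
  name = "implicit-vmss"
}

resource "azurerm_linux_virtual_machine" "ignored" {
  name = "linux-vm"
}
"""

if __name__ == "__main__":
    for rtype, name, result in check_automatic_updates(SAMPLE_HCL):
        print(f"{result}: {rtype}.{name}")
```

Running the block prints one line per checked resource; only `azurerm_windows_virtual_machine.bad` is reported as FAILED. To use it on a real file, read the file contents and pass the string to `check_automatic_updates`.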
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0684 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_177 |