The Custom Script Extension in Azure allows arbitrary scripts to be run on VMs, which could be exploited by attackers to gain control of the VM and cause data loss, malware installation, or operational disruption. The Custom Script Extension does not have any built-in security features, so users are responsible for ensuring the security of the scripts they run. Therefore, it is recommended to not use custom script extensions in Azure VMs.
In Azure Console -
From Azure Command Line Interface 2.0-
Use the below CLI command to identify the Custom Script extensions:
az vm extension list --vm-name <vm-name> --resource-group <resource-group> --query "[*].name"
Then use the below CLI command to remove the identified extension attached to the VM:
az vm extension delete --resource-group <resource-group> --vm-name <vm-name> --name <extension-name>
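The list command above returns extension names only, and a name is chosen by whoever installed the extension, so it does not reliably show which entries are Custom Script extensions. The following added example (not part of the original page) filters the full JSON output of `az vm extension list -o json` by publisher and handler type and prints the matching delete commands. The key names `typePropertiesType` and `virtualMachineExtensionType`, the handler list, and the sample resource names are assumptions.

```python
import json
import shlex

# (publisher, handler type) pairs for Custom Script handlers, lower-cased.
# Assumption: these are the handlers in scope for this check.
CUSTOM_SCRIPT_HANDLERS = {
    ("microsoft.compute", "customscriptextension"),        # Windows
    ("microsoft.azure.extensions", "customscript"),        # Linux
    ("microsoft.ostcextensions", "customscriptforlinux"),  # legacy Linux
}

def handler_type(ext):
    # Assumption: the handler type is reported under one of these two keys,
    # depending on the az CLI version.
    return ext.get("typePropertiesType") or ext.get("virtualMachineExtensionType") or ""

def find_custom_script_extensions(extensions_json):
    """Return names of extensions whose publisher/type is a Custom Script handler."""
    found = []
    for ext in json.loads(extensions_json):
        key = ((ext.get("publisher") or "").lower(), handler_type(ext).lower())
        if key in CUSTOM_SCRIPT_HANDLERS:
            found.append(ext["name"])
    return found

def delete_commands(resource_group, vm_name, extensions_json):
    """Build one 'az vm extension delete' command per identified extension."""
    return [
        "az vm extension delete --resource-group {} --vm-name {} --name {}".format(
            shlex.quote(resource_group), shlex.quote(vm_name), shlex.quote(name))
        for name in find_custom_script_extensions(extensions_json)
    ]

# Constructed sample of 'az vm extension list -o json' output (not real data).
SAMPLE = json.dumps([
    {"name": "bootstrap", "publisher": "Microsoft.Azure.Extensions",
     "typePropertiesType": "CustomScript"},
    {"name": "customscript-backup", "publisher": "Microsoft.Azure.RecoveryServices",
     "typePropertiesType": "VMSnapshotLinux"},  # misleading name, not a script handler
    {"name": "config-app", "publisher": "Microsoft.Compute",
     "virtualMachineExtensionType": "CustomScriptExtension"},
])

if __name__ == "__main__":
    # 'rg-demo' and 'vm-demo' are placeholder names for illustration.
    for cmd in delete_commands("rg-demo", "vm-demo", SAMPLE):
        print(cmd)
```

Review the printed commands before running them, since deleting an extension that a deployment pipeline still expects can cause the next deployment to reinstall it.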
In Terraform -
References:
https://learn.microsoft.com/en-us/powershell/module/az.compute/remove-azvmextension?view=azps-10.2.0
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension.html