Microsoft fixes a bug that allowed hackers to hijack Azure Linux clusters

by Everydays Journal
Microsoft has fixed a container escape vulnerability in the Service Fabric (SF) application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster.

According to Microsoft, Service Fabric is a platform for business-critical applications that hosts over 1 million apps.

It powers a number of Microsoft products, including but not limited to Azure SQL Database, Azure Cosmos DB, Microsoft Intune, Azure Event Hubs, Azure IoT Hub, Dynamics 365, Skype for Business, Cortana, Microsoft Power BI, and multiple core Azure services.

The SF security flaw is tracked as CVE-2022-30137 and dubbed Fabricscape by Palo Alto Networks Unit 42 researchers, who discovered it and reported it to Microsoft on January 30.

The vulnerability is in the Data Collection Agent (DCA), a Service Fabric component that runs as root. It is an arbitrary write caused by a race condition: by creating symlinks, attackers can make the DCA overwrite files in the node file system with malicious content, which lets them obtain code execution.

Additional details on how CVE-2022-30137 can be used to execute code and take over SF Linux clusters are available in the Unit 42 report.
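The bug class described above (a privileged process writing into a directory that a less-trusted workload can also write to) is shown here as an added illustration; it is not Service Fabric or DCA code. The function names, file names and temporary directory layout are constructed for the example, and `safe_write` assumes the parent path of the directory itself is trusted.

```python
import os
import tempfile

def naive_write(dir_path: str, name: str, data: bytes) -> None:
    """Vulnerable pattern: open() follows a symlink planted at dir_path/name."""
    with open(os.path.join(dir_path, name), "wb") as f:
        f.write(data)

def safe_write(dir_path: str, name: str, data: bytes) -> None:
    """Write dir_path/name without dereferencing a symlink at `name`."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    # Pin the directory by fd so every later step resolves relative to it.
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    tmp = f".{name}.{os.getpid()}.tmp"
    try:
        # O_EXCL | O_NOFOLLOW: fail if anything, a symlink included, already exists.
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o600, dir_fd=dir_fd)
        try:
            with os.fdopen(fd, "wb") as f:
                f.write(data)
            # rename() replaces the directory entry itself; a symlink at `name`
            # is overwritten as an entry and never followed.
            os.rename(tmp, name, src_dir_fd=dir_fd, dst_dir_fd=dir_fd)
        except BaseException:
            os.unlink(tmp, dir_fd=dir_fd)
            raise
    finally:
        os.close(dir_fd)

def demo() -> dict:
    """Constructed scenario: symlinks planted in a directory a workload can write."""
    root = tempfile.mkdtemp()
    logs = os.path.join(root, "logs")
    os.mkdir(logs)
    seen = {}
    for fn in (naive_write, safe_write):
        victim = os.path.join(root, "victim-" + fn.__name__)  # stands in for a host file
        with open(victim, "wb") as f:
            f.write(b"ORIGINAL")
        os.symlink(victim, os.path.join(logs, fn.__name__))   # planted symlink
        fn(logs, fn.__name__, b"AGENT DATA")
        with open(victim, "rb") as f:
            seen[fn.__name__] = f.read()
    return seen
```

`demo()` returns the contents of each stand-in host file after the write: the naive writer has replaced it through the symlink, while the hardened writer leaves it untouched and replaces the symlink with a regular file.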

“Microsoft recommends that customers continue to review all containerized workloads (both Linux and Windows) that are allowed access to their host cluster,” Microsoft advised.

“By default, an SF cluster is a single-tenant environment and thus there is no isolation between applications. It is possible to create isolation and additional guidance on hosting untrusted code can be found on the Azure Service Fabric security best practices page.”

Bug fixed after five months

As Unit 42 reports, Redmond addressed the vulnerability with the release of the Microsoft Azure Service Fabric 9.0 cumulative update on June 14 (Microsoft says the fix was made available on May 26).

The fix has been pushed to Linux clusters with automatic updates enabled starting June 14, after a security advisory detailing the bug was published.

Customers who have enabled automatic updates on their Linux cluster need not take any further action.

However, those running Azure Service Fabric without automatic updates are advised to upgrade their Linux clusters to the latest Service Fabric release as soon as possible.

“While we are not aware of any attacks in the wild that have successfully exploited this vulnerability, we would like to urge organizations to take immediate action to identify whether their environments are vulnerable and, if they are, apply patches quickly,” Palo Alto Networks said.

Microsoft says that customers who haven’t enabled automatic updates have been notified of the issue through portal notifications sent through Azure Service Health.