High-severity Microsoft bug opened door to container cluster hijacking

Microsoft has patched a high-severity vulnerability found in Service Fabric

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

After being tipped off by cybersecurity researchers from Unit 42, a division of Palo Alto Networks,Microsofthas pushed out apatchfor a high-severity vulnerability found in Service Fabric.

Publishing ablog postto explain what happened, Microsoft said the vulnerability allowed potential threat actors to obtain rook privileges on a node, further allowing them full takeover of other nodes in the cluster.

Tracked as CVE-2022-30137, the flaw has been dubbed “FabricScape” and is present only inLinuxcontainers. Windows seems to have dodged the bullet, as unprivileged actors cannot create symlinks on the OS.

Accessing containerized workloads

Microsoft describes Service Fabric as the company’s “container orchestrator for deploying and managing microservices across a cluster of machines.”

Service Fabric is capable of deploying applications in seconds, at high density, with thousands of applications, or containers, per machine. Today, it hosts more than a million applications, and powers major services such as Azure SQL Database, or Azure CosmosDB,SiliconAnglereported.

Microsoft Azure is going all in on Arm-based chips>Our list of the best VM software around>Azure eats into AWS lead as cloud market continues to grow

Thankfully, exploiting the flaw would require a little preparation; the attacker would first need to compromise a containerized workload, deployed by the owner of a Linux SF cluster. Then, the hostile code running inside the container needs to substitute an index file read by SF Diagnostics Collection Agent (DCA) with a symlink.

“Using an additional timing attack, an attacker could gain control of the machine hosting the SF node,” Microsoft explained.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

It would seem as if the flaw has not yet been exploited in the wild, but the researchers are urging users to patch it up immediately, given the severity of the flaw.

The patch has been available since May 26, 2022, and has been applied automatically to all who have automatic updates turned on.

ViaSiliconAngle

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Your doctor may have an AI assistant taking notes during your next Zoom call