Microsoft has pushed a patch for a very serious vulnerability found in Service Fabric, after it was reported by cybersecurity researchers at Unit 42, a division of Palo Alto Networks.
In a blog post explaining what happened, Microsoft said the vulnerability allows malicious actors to gain privileges on a node and, from there, access the cluster. Other nodes may be taken over entirely.
Tracked as CVE-2022-30137, the flaw is named “FabricScape” and only exists in Linux containers. Windows seems to have dodged the bullet, as unprivileged actors cannot create symlinks on the OS.
Accessing containerized workloads
Microsoft describes Service Fabric as the company’s “container orchestrator for deploying and managing microservices across a cluster of machines.”
Service Fabric is capable of deploying applications at high density, in seconds, with thousands of applications, or containers, per machine. Today, it hosts more than a million applications and powers large services such as Azure SQL Database and Azure CosmosDB, SiliconAngle reported.
Thankfully, exploiting the flaw will require a little preparation. An attacker would first need to compromise the containerized workload, deployed by the owner of the Linux SF cluster. Next, the adversarial code running inside the container needs to replace the index file read by the SF Diagnostic Collection Agent (DCA) with a symlink.
“Using an additional timing attack, an attacker can gain control of the machine hosting the SF node,” Microsoft explained.
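As an added illustration (not Service Fabric code and not Microsoft's fix), the sketch below shows a general hardening pattern for this class of bug: a privileged agent reading a file from a directory that less-privileged code can write to. The function name, the `logs` directory and the file contents used with it are hypothetical.

```python
import errno
import os
import stat


class UnsafeFileError(Exception):
    """Raised when the requested name is not a plain regular file."""


def read_untrusted_file(directory, name, max_bytes=1 << 20):
    """Read `name` from a directory that less-privileged code can write to.

    The type check and the read both use the same file descriptor, so
    swapping the file for a symlink between "check" and "use" cannot
    redirect the read to another path on the host.
    """
    if os.sep in name or name in ("", ".", ".."):
        raise UnsafeFileError("name must be a single path component")
    # Pin the directory first; refuse if the directory itself is a symlink.
    dir_fd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        try:
            # O_NOFOLLOW: fail if the final component is a symlink.
            # O_NONBLOCK: do not hang if it was swapped for a FIFO.
            fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                         dir_fd=dir_fd)
        except OSError as exc:
            if exc.errno in (errno.ELOOP, errno.EMLINK):
                raise UnsafeFileError(f"{name!r} is a symlink") from exc
            raise
    finally:
        os.close(dir_fd)
    try:
        st = os.fstat(fd)  # inspects the opened object, not the path
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeFileError(f"{name!r} is not a regular file")
        if st.st_nlink != 1:
            raise UnsafeFileError(f"{name!r} has extra hard links")
        return os.read(fd, max_bytes)
    finally:
        os.close(fd)
```

`O_NOFOLLOW` only guards the final path component, which is why the directory is opened and pinned separately before the file is opened relative to it.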
It appears that the flaw has not yet been exploited in the wild, but researchers are urging users to patch immediately given its severity.
This patch has been available since May 26, 2022, and is automatically applied to everyone who has automatic updates turned on.