Microsoft Azure FabricScape bug let hackers hijack Linux clusters

2022-06-29 10:48

Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster.

Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.

Redmond addressed the vulnerability with the release of the Microsoft Azure Service Fabric 9.0 Cumulative Update on June 14 according to Unit 42's report.

Fixes for this flaw have been pushed to automatically updated Linux clusters starting on June 14, after the security advisory detailing the bug was published.

Customers who have enabled automatic updates on their Linux clusters don't need to take any further action.

Those running Azure Service Fabric without automatic updates are advised to upgrade their Linux clusters to the most recent Service Fabric release as soon as possible.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-azure-fabricscape-bug-let-hackers-hijack-linux-clusters/

#azure #fabricscape #hacker #linux #microsoft #CVE-2022-30137

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-15	CVE-2022-30137	Unspecified vulnerability in Microsoft Service Fabric Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. microsoft	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		11	68	3708	1957	67	5800
Microsoft		381	52	1423	2925	176	4576

News URL

Related news

Related Vulnerability

Related vendor