Security News > 2022 > June > Microsoft fixes bug that let hackers hijack Azure Linux clusters
Microsoft has fixed a container escape vulnerability in the Service Fabric application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster.
Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.
Redmond addressed the vulnerability with the release of the Microsoft Azure Service Fabric 9.0 Cumulative Update on June 14 according to Unit 42's report.
Fixes for this flaw have been pushed to automatically updated Linux clusters starting on June 14, after the security advisory detailing the bug was published.
Customers who have enabled automatic updates on their Linux clusters don't need to take any further action.
Those running Azure Service Fabric without automatic updates are advised to upgrade their Linux clusters to the most recent Service Fabric release as soon as possible.
News URL
Related news
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Hackers spoof Microsoft ADFS login pages to steal credentials (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-15 | CVE-2022-30137 | Unspecified vulnerability in Microsoft Service Fabric Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. | 0.0 |