Microsoft patched a serious vulnerability in Service Fabric. The threat was discovered by security specialists from Unit42 of Palo Alto Networks.
The vulnerability (‘FabricScape’) allows attacks on all services and applications that Service Fabric supports. These include Azure Service Fabric, Azure SQL Database, Azure CosmosDB, Cortana and Microsoft Power BI.
Unit42 researchers discovered that the vulnerability provides hackers with root privileges on a node. Subsequently, all other nodes in the cluster can be hijacked.
There’s two conditions. First, a hacker requires read/write access to a cluster. Second, a hacker needs the ability to execute code on a Linux container with access to the Service Fabric runtime. According to the experts, the problem stems from a high privilege logging function in Service Fabric’s Data Collection Agent (DCA).
By modifying workloads in containers, hackers can overwrite files with rogue links. These allow intruders to DCA as root on a node, allowing any file to be overwritten. ultimately, hackers can take over the node.
Patch
The threat exclusively affects Linux containers. According to Palo Alto Networks, there’s no evidence of the vulnerabilities being exploited by cybercriminals.
Microsoft released a patch. The tech giant urges customers to implement the fix as soon as possible. In the meantime, companies are advised to remove untrusted applications from Service Fabric.
Tip: A new, highly sophisticated malware strain threatens various routers