Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Releases Patches to Address Azure FabricScape Flaw Affecting Linux Workloads

Blog
Azure
Post

Microsoft has patched a critical in Azure Service Fabric dubbed “FabricScape” that affects containerized workloads on Linux. The software giant urges customers to upgrade their clusters as soon as possible to prevent successful exploits.

Azure Service Fabric is basically a distributed systems platform that allows developers to build and host microservices-based cloud apps. It powers several Microsoft services, including Microsoft Intune, Skype for Business, Cortana, Dynamics 365, Azure Event Hubs, Azure SQL Database, Azure Cosmos DB, and Azure Data Factory.

Cybersecurity researchers from Palo Alto Networks first disclosed the security vulnerability (CVE-2022-30137) in January this year. The flaw enables threat actors to perform a privilege escalation attack on the host Service Fabric node and potentially take over the entire cluster.

Microsoft noted that attackers will need Runtime access to the container to exploit this vulnerability, which is unfortunately granted by default. The company has also detailed the steps that can be taken for a successful attack, and you can check out the security advisory for technical details.

FabricScape: Microsoft Releases Patches to Address Azure Flaw Affecting Linux Workloads

The Redmond giant confirmed that the bug is present in both Windows and Linux, but the problem only affects Linux containers. “Though the bug exists on both Operating System (OS) platforms, it is only exploitable on Linux; Windows has been thoroughly vetted and found not to be vulnerable to this attack,” the company explained.

Update Azure Service Fabric clusters

Microsoft released security patches to address the FabricScape vulnerability on June 14. The company says that customers with automatic updates enabled should have already received the fix. Meanwhile, Microsoft has also sent notifications about the issue via Azure Service Health to all customers who don’t use the auto-update mechanism.

As of this writing, there is no evidence that attackers have successfully exploited the security flaw. However, it is still recommended to patch Azure Service Fabric clusters and follow Microsoft’s best practices.

“While we’re not aware of any attacks in the wild that have successfully exploited this vulnerability, we want to urge organizations to take immediate action to identify whether their environments are vulnerable and quickly implement patches if they are,” said Palo Alto Networks.

by Rabia Noureen
Last Update: Sep 09, 2022
Jun 29, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Protect Your Organization’s Assets: Disaster Recovery with Azure Backup

Sep 11, 2023
Sep 12, 2023
What is Azure Data Studio?

Aug 14, 2023
Azure Stack HCI Deployment: Choosing Between Large Clusters vs. Smaller Specialized Clusters

May 8, 2023
May 09, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.