1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • High-severity Microsoft bug opened door to container cluster hija

    From TechnologyDaily@1337:1/100 to All on Thu Jun 30 18:30:04 2022
    High-severity Microsoft bug opened door to container cluster hijacking

    Date:
    Thu, 30 Jun 2022 17:15:43 +0000

    Description:
    Microsoft has patched a high-severity vulnerability found in Service Fabric.

    FULL STORY ======================================================================

    After being tipped off by cybersecurity researchers from Unit 42, a division of Palo Alto Networks, Microsoft has pushed out a patch for a high-severity vulnerability found in Service Fabric.

    Publishing a blog post to explain what happened, Microsoft said the vulnerability allowed potential threat actors to obtain rook privileges on a node, further allowing them full takeover of other nodes in the cluster.

    Tracked as CVE-2022-30137, the flaw has been dubbed FabricScape and is
    present only in Linux containers. Windows seems to have dodged the bullet, as unprivileged actors cannot create symlinks on the OS. Accessing containerized workloads

    Microsoft describes Service Fabric as the companys container orchestrator for deploying and managing microservices across a cluster of machines.

    Service Fabric is capable of deploying applications in seconds, at high density, with thousands of applications, or containers, per machine. Today,
    it hosts more than a million applications, and powers major services such as Azure SQL Database, or Azure CosmosDB, SiliconAngle reported. Read more

    Microsoft Azure is going all in on Arm-based chips



    Our list of the best VM software around



    Azure eats into AWS lead as cloud market continues to grow

    Thankfully, exploiting the flaw would require a little preparation; the attacker would first need to compromise a containerized workload, deployed by the owner of a Linux SF cluster. Then, the hostile code running inside the container needs to substitute an index file read by SF Diagnostics Collection Agent (DCA) with a symlink.

    Using an additional timing attack, an attacker could gain control of the machine hosting the SF node, Microsoft explained.

    It would seem as if the flaw has not yet been exploited in the wild, but the researchers are urging users to patch it up immediately, given the severity
    of the flaw.

    The patch has been available since May 26, 2022, and has been applied automatically to all who have automatic updates turned on. These are the best small business servers right now

    Via SiliconAngle



    ======================================================================
    Link to news story: https://www.techradar.com/news/high-severity-microsoft-bug-opened-door-to-cont ainer-cluster-hijacking/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)