Written on 30/06/2022

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster.

The issue, dubbed FabricScape (CVE-2022-30137), could only be weaponized on containers that are configured to have runtime access. It has been remediated as of June 14, 2022, in Service Fabric 9.0 Cumulative Update 1.0.

"The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource's host SF node and the entire cluster," Microsoft said as part of the coordinated disclosure process.

"Though the bug exists on both Operating System (OS) platforms, it is only exploitable on Linux; Windows has been thoroughly vetted and found not to be vulnerable to this attack."

Code execution is achieved by taking advantage of the flaw to overwrite the "/etc/environment" file on the host.

Although there is no evidence that the vulnerability has been exploited in real-world attacks to date, it's crucial that organizations take immediate action to determine if their environments are susceptible and implement the patches.

Microsoft has also urged organizations using the service to review containerized workloads in both Linux and Windows environments and take additional measures to create isolation modes when considering hosting untrusted applications and remove their access to the Service Fabric runtime.
