Like most cloud and local environments, Microsoft Azure also acts as an attack vector for malicious actors. Since a security flaw in Azure can potentially impact millions of consumers, it is essential that Microsoft patches such problems in a timely manner. Now, the company has revealed details about one such issue that it recently patched in Azure Service Fabric.
For those unaware, Azure Service Fabric is a service that enables people to host applications in managed environments on the Azure cloud. In fact, multiple Microsoft projects are built using Azure Service Fabric, including Cortana/Bing, Power BI, Skype for Business, Azure SQL Database, and more.
On January 30, Palo Alto Networks privately disclosed a security flaw in Azure Service Fabric to Microsoft. The issue was dubbed "FabricScape". The details of the exploit are highly technical (you can still read about them in detail here), but here is the high-level summary provided by Microsoft:
- Step 1: An attacker must compromise a containerized workload deployed by the owner of a Linux SF cluster.
- Step 2: The hostile code running inside the container could substitute an index file read by DCA with a symlink.
- Using an additional timing attack, an attacker could gain control of the machine hosting the SF node.
Although the issue was present in both Windows and Linux clusters, Microsoft determined that it can only be exploited on the latter. A successful attack on a compromised Linux container could enable a malicious actor to perform a privilege escalation attack on the host node, and then gain control of the whole cluster.
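The symlink substitution and timing attack in Microsoft's summary work against a privileged process that checks a path and then opens it. The Python sketch below is an added defensive example, not Service Fabric code and not Microsoft's fix: it opens the file without following symlinks and validates the opened descriptor instead of the path. The directory layout and the `index.txt` file name are assumptions made for the demonstration.

```python
import os
import stat
import tempfile


def read_untrusted_file(dir_path, name, max_bytes=1 << 20):
    """Read `name` from a directory that a less-trusted workload can write to."""
    if "/" in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # O_NOFOLLOW: fail with ELOOP if the final component is a symlink.
        # O_NONBLOCK: do not hang if a FIFO was planted in place of the file.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                     dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    try:
        # Validate the object that was opened, not the path: a swap made after
        # this point cannot change what is read.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise ValueError(f"{name}: not a singly-linked regular file")
        return os.read(fd, max_bytes)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: read a regular index file, then swap in a symlink."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared")      # writable by the workload
        os.mkdir(shared)
        host_file = os.path.join(root, "host_only.txt")
        with open(host_file, "w") as f:
            f.write("host data\n")
        index = os.path.join(shared, "index.txt")  # hypothetical file name
        with open(index, "w") as f:
            f.write("entry-1\n")
        first = read_untrusted_file(shared, "index.txt")
        os.remove(index)
        os.symlink(host_file, index)               # the substitution
        try:
            read_untrusted_file(shared, "index.txt")
            return first, None
        except OSError as exc:
            return first, exc.errno
```

The check covers only the final path component and only the read path; a process that later writes back to the same location needs the same descriptor-based handling.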
After the bug was privately reported to Microsoft on January 30, the company implemented a fix on May 24. Details of the exploit were also communicated to customers who use automatic update mechanisms. Then on June 9, a public advisory about best practices for Azure Service Fabric was published. Finally, on June 14, Microsoft publicly deployed the fix for customers with automatic updates enabled. Meanwhile, those who don't have automatic updates enabled were informed of the issue via Azure Service Health.
Needless to say, it is recommended that you update your Azure Service Fabric clusters and also ensure that you follow Microsoft's best practices recommended here.