• Latest
  • Trending
Microsoft Azure FabricScape bug let hackers hijack Linux clusters

Microsoft Azure FabricScape bug let hackers hijack Linux clusters

June 30, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 16 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Microsoft Azure FabricScape bug let hackers hijack Linux clusters

by ITECHNEWS
June 30, 2022
in Infosec, Leading Stories
0 0
0
Microsoft Azure FabricScape bug let hackers hijack Linux clusters

Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric (SF) application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster.

Service Fabric is a platform for business-critical applications that hosts over 1 million apps, according to Microsoft data.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

It also powers many Microsoft products, including but not limited to Azure SQL Database, Azure Cosmos DB, Microsoft Intune, Azure Event Hubs, Azure IoT Hub, Dynamics 365, Skype for Business, Cortana, Microsoft Power BI, and multiple core Azure services.

The SF security flaw is tracked as CVE-2022-30137 was discovered by Palo Alto Networks’ Unit 42 researchers, who also reported it to Microsoft on January 30.

The vulnerability is due to a race-conditioned arbitrary write in the Data Collection Agent (DCA) Service Fabric component (running as root) that enables attackers to overwrite files in the node file system with malicious content by creating symlinks to gain code execution.

Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42’s report.

“Microsoft recommends that customers continue to review all containerized workloads (both Linux and Windows) which are permitted access to their host clusters,” Microsoft advised.

“By default, an SF cluster is a single-tenant environment and thus there is no isolation between applications. Creating isolation is possible and additional guidance on hosting untrusted code can be found on the Azure Service Fabric security best practices page.”

FabricScape exploitation flow
FabricScape exploitation flow (Unit 42)

Bug fixed five months later

Redmond addressed the vulnerability with the release of the Microsoft Azure Service Fabric 9.0 Cumulative Update on June 14 according to Unit 42’s report (Microsoft says the fix was made available on May 26).

Fixes for this flaw have been pushed to automatically updated Linux clusters starting on June 14, after the security advisory detailing the bug was published.

Customers who have enabled automatic updates on their Linux clusters don’t need to take any further action.

However, those running Azure Service Fabric without automatic updates are advised to upgrade their Linux clusters to the most recent Service Fabric release as soon as possible.

“While we’re not aware of any attacks in the wild that have successfully exploited this vulnerability, we want to urge organizations to take immediate action to identify whether their environments are vulnerable and quickly implement patches if they are,” Palo Alto Networks said.

Microsoft says that customers that haven’t enabled automatic updates have been notified about this issue via portal notifications sent through Azure Service Health.

Source: Sergiu Gatlan
Via: bleepingcomputer
Tags: Microsoft Azure FabricScape bug let hackers hijack Linux clusters
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version