After being tipped off by cybersecurity researchers from Unit 42, a division of Palo Alto Networks, Microsoft has pushed out a patch for a high-severity vulnerability found in Service Fabric.
Publishing a blog post to explain what happened, Microsoft said the vulnerability allowed potential threat actors to obtain root privileges on a node, further allowing them full takeover of other nodes in the cluster.
Tracked as CVE-2022-30137, the flaw has been dubbed “FabricScape” and is present only in Linux containers. Windows seems to have dodged the bullet, as unprivileged actors cannot create symlinks on the OS.