
High-severity Microsoft bug opened door to container cluster hijacking

June 30, 2022

Via: Techradar

After being tipped off by cybersecurity researchers from Unit 42, a division of Palo Alto Networks, Microsoft has pushed out a patch for a high-severity vulnerability found in Service Fabric.

In a blog post explaining what happened, Microsoft said the vulnerability allowed potential threat actors to obtain root privileges on a node, further allowing them full takeover of other nodes in the cluster.

Tracked as CVE-2022-30137, the flaw has been dubbed “FabricScape” and is present only in Linux containers. Windows seems to have dodged the bullet, as unprivileged actors cannot create symlinks on the OS.
