According to a recent report, Microsoft has rolled out a patch for a vulnerability in its Service Fabric platform, CVE-2022-30137, also known as FabricScape. The report says FabricScape allowed an attacker who controlled a Linux container to escalate privileges out of that container.
From there the attacker would gain root on the underlying node and could then compromise every other node in the cluster. Exploitation required no special privileges: a container running with Service Fabric's default run-time access was enough, which is why containers left in that default configuration were the most exposed.
Palo Alto Networks' threat intelligence team, Unit 42, which discovered the flaw, reported that it worked with Microsoft to mitigate its impact. Microsoft released a patch for the vulnerability on June 14, 2022.
The report says the problem is resolved in Linux clusters, and that Microsoft has updated the internal production environments that run the products and services powered by Microsoft Service Fabric.
The National Vulnerability Database (NVD) gave the vulnerability a CVSS score of 6.7, which is medium severity.
The vulnerability was particularly important for Microsoft because it affected Service Fabric, the distributed systems platform that underpins much of Azure, Microsoft's public cloud. Service Fabric hosts more than one million applications and powers products such as Cortana and Azure SQL Database.
Customers running Azure Service Fabric on Linux are advised to upgrade their clusters to the latest Service Fabric release. Customers who have already enabled automatic upgrades have received the fix and do not need to do anything.
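To turn that advice into a check, here is an added example (not code from the original article, from Microsoft or from Unit 42) that triages the cluster descriptions returned by `az sf cluster show`: Windows clusters are flagged as out of scope, clusters in Automatic upgrade mode are confirmed rather than trusted blindly, and Manual-mode Linux clusters are compared against a minimum fixed build. The sample JSON is constructed for the example, and the fixed-version threshold is an assumption that must be confirmed against Microsoft's advisory for CVE-2022-30137. Versions are compared numerically field by field, because a plain string comparison would rank a 10.x build below a 9.x one.

```python
import json
import re
from typing import Dict, Tuple

# ASSUMPTION: minimum Linux build carrying the fix (Service Fabric 9.0 CU1,
# released June 14, 2022). Confirm against Microsoft's advisory for
# CVE-2022-30137 before relying on this number.
MIN_FIXED_LINUX_VERSION = "9.0.1035.1"

# CONSTRUCTED sample, shaped like the (trimmed) JSON objects returned by
# `az sf cluster show --resource-group <rg> --name <cluster>`.
SAMPLE_CLUSTERS_JSON = """
[
  {"name": "prod-linux-auto",   "vmImage": "Linux",   "upgradeMode": "Automatic", "clusterCodeVersion": "9.0.1035.1"},
  {"name": "prod-linux-manual", "vmImage": "Linux",   "upgradeMode": "Manual",    "clusterCodeVersion": "8.2.1235.1"},
  {"name": "dev-linux-manual",  "vmImage": "Linux",   "upgradeMode": "Manual",    "clusterCodeVersion": "10.0.1816.1"},
  {"name": "legacy-windows",    "vmImage": "Windows", "upgradeMode": "Manual",    "clusterCodeVersion": "8.2.1235.9590"}
]
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted build string such as '9.0.1035.1' into a tuple of ints."""
    parts = version.strip().split(".")
    if not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"unrecognised Service Fabric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_at_least(version: str, minimum: str) -> bool:
    """Numeric, field-by-field comparison; shorter tuples are padded with zeros."""
    v, m = parse_version(version), parse_version(minimum)
    width = max(len(v), len(m))
    return v + (0,) * (width - len(v)) >= m + (0,) * (width - len(m))


def assess_cluster(cluster: Dict, min_fixed: str = MIN_FIXED_LINUX_VERSION) -> str:
    """Classify one cluster record into an action-oriented verdict."""
    if cluster.get("vmImage", "").lower() != "linux":
        # FabricScape was reported against Linux clusters; still keep Windows current.
        return "not-linux"
    patched = is_at_least(cluster["clusterCodeVersion"], min_fixed)
    if cluster.get("upgradeMode", "").lower() == "automatic":
        # Automatic upgrades deliver the fix, but verify the build actually landed.
        return "auto-upgraded" if patched else "auto-upgrade-pending"
    return "patched" if patched else "upgrade-required"


def assess_all(clusters_json: str, min_fixed: str = MIN_FIXED_LINUX_VERSION) -> Dict[str, str]:
    """Map cluster name -> verdict for a JSON array of cluster records."""
    return {c["name"]: assess_cluster(c, min_fixed) for c in json.loads(clusters_json)}


if __name__ == "__main__":
    for name, verdict in assess_all(SAMPLE_CLUSTERS_JSON).items():
        print(f"{name:20s} {verdict}")
```

In practice you would feed the output of `az sf cluster list` (or one `az sf cluster show` per cluster) into `assess_all` and act on every `upgrade-required` or `auto-upgrade-pending` entry.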
Cybercriminals look for operators who do not promptly apply the recommended security patches and updates to Microsoft Service Fabric.
Bud Broomhead, CEO at Viakoo, is of the opinion that cybercriminals are looking for opportunities to find and target unpatched vulnerabilities, just as they target open source software components.
While some organizations have understandable reasons to avoid Microsoft's recommended automatic security upgrades, those that do must be prepared to deal with a vulnerability like this one before it disrupts their operations.
Application owners who are careless about maintaining security patches can run into trouble. They may even lose cyber insurance claims on the grounds that they did not take the required security measures in time.
According to Jonathan Knudsen, Senior Security Strategist at Synopsys Software Integrity Group, a Common Vulnerabilities and Exposures (CVE) entry of this sort points to two software security lessons.
The first is that users should not assume that upstream providers have taken care of the software security posture by default. The default run-time access each container receives is an individual choice, and it will vary from user to user depending on various factors and preferences.
The second is that there is no such thing as bug-free software; no software is fully immune to vulnerabilities. Enterprises must watch their software supply chain closely and detect anomalies early, so that they can respond to vulnerabilities proactively and efficiently.
Developing, deploying and maintaining software successfully requires careful analysis of its complex supply chain as well as of its operational elements.
A tried-and-tested approach to a resilient software security posture is to use the resources at hand effectively to mitigate the risks posed by cybersecurity threats.