Source: news.google.com
Like most cloud and on-premises environments, Microsoft Azure is a target for malicious actors. Because a security flaw in Azure can potentially affect millions of consumers, it is essential that Microsoft fix such issues in a timely manner. Now, the company has revealed details about one such issue that it recently patched in Azure Service Fabric.
For those who don’t know, Azure Service Fabric is a service that allows people to host applications in managed environments in the Azure cloud. In fact, several Microsoft projects are built with Azure Service Fabric, including Cortana/Bing, Power BI, Skype for Business, Azure SQL Database, and more.
On January 30, Palo Alto Networks privately disclosed a security flaw in Azure Service Fabric to Microsoft. The issue was dubbed “FabricScape” and while the details of the exploit are highly technical (you can still read about it in detail here), here is the high-level summary provided by Microsoft:
- Step 1 – An attacker must compromise a containerized workload deployed by a Linux SF cluster owner.
- Step 2 – Hostile code running inside the container could replace an index file read by DCA with a symbolic link.
- Using an additional timing attack, an attacker could gain control of the machine hosting the SF node.
Although the issue was present on both Windows and Linux clusters, Microsoft determined that it can only be exploited on the latter. A successful attack on a compromised Linux container could allow a malicious actor to perform a privilege escalation attack on the host node and then gain control of the entire cluster.
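The defensive side of Step 2, as an added example that is not from the article, Microsoft, or Palo Alto Networks: a privileged reader opens a file in a directory that a less-trusted workload can write to, and refuses it if it has been swapped for a symbolic link. The function name, file names and directory layout are hypothetical, the sample files are constructed, and Linux is assumed.

```python
import errno
import os
import stat
import tempfile

def read_index_safely(dir_path, name, max_bytes=65536):
    """Read a regular file from a directory a less-trusted workload can write to."""
    # Pin the directory so the lookup below is relative to this descriptor.
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY)
    try:
        try:
            # O_NOFOLLOW: open() fails with ELOOP if the final component is a symlink.
            # O_NONBLOCK: do not hang if the name was swapped for a FIFO.
            fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK, dir_fd=dir_fd)
        except OSError as exc:
            if exc.errno == errno.ELOOP:
                raise PermissionError(f"{name!r} is a symbolic link; refusing to read") from exc
            raise
        try:
            # Check the object that was actually opened (fstat on the descriptor),
            # so there is no window between the check and the read.
            if not stat.S_ISREG(os.fstat(fd).st_mode):
                raise PermissionError(f"{name!r} is not a regular file")
            return os.read(fd, max_bytes)
        finally:
            os.close(fd)
    finally:
        os.close(dir_fd)

def demo():
    # Constructed layout: "shared" stands in for a container-writable log directory,
    # "host" for a location only the host should read.
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as host:
        index = os.path.join(shared, "index.txt")
        host_file = os.path.join(host, "host_only.txt")
        with open(index, "w") as f:
            f.write("offset=42\n")
        with open(host_file, "w") as f:
            f.write("host data\n")
        before = read_index_safely(shared, "index.txt")
        os.remove(index)
        os.symlink(host_file, index)      # the swap described in Step 2
        with open(index, "rb") as f:      # a plain open() follows the link
            naive = f.read()
        try:
            read_index_safely(shared, "index.txt")
            blocked = False
        except PermissionError:
            blocked = True
        return before, naive, blocked

if __name__ == "__main__":
    print(demo())
```

The same rule applies to writes: a privileged process that creates or overwrites files in such a directory needs to act on descriptors rather than re-resolving paths.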
After the bug was privately reported to Microsoft on January 30, the company rolled out a fix on May 24. Details of the exploit have also been communicated to customers using automatic update mechanisms. Then, on June 9, a public advisory on best practices for Azure Service Fabric was released. Finally, on June 14, Microsoft publicly rolled out the fix to customers with automatic updates enabled. Meanwhile, those without automatic updates enabled were informed of the issue via Azure Service Health.
You should upgrade your Azure Service Fabric clusters and follow the Microsoft best practices recommended here.