Tag Archive for: fabric

Linux Container-Escape Flaw in Azure Service Fabric


Microsoft this week disclosed a serious container-escape vulnerability in its widely used Azure Service Fabric technology, which gives attackers a way to gain root privileges on the host node and take over all other nodes in the cluster.

The privilege-escalation bug is only exploitable on Linux containers, though it is present in Windows container environments as well, Microsoft said in an advisory Tuesday. Security researchers from Palo Alto Networks reported the bug — which they have dubbed FabricScape — along with a fully operational exploit, on Jan. 30, 2022. Microsoft released a fix for the issue (CVE-2022-30137) on June 14, but details on the bug were just released this week.

The fix has been applied to all customers that are subscribed to Microsoft’s automatic update service, but others will need to manually patch to the latest version of Service Fabric. “Customers whose Linux clusters are automatically updated do not need to take further action,” the company said in its bug disclosure announcement.

A Privilege-Escalation Issue

Service Fabric is a Microsoft container-orchestration technology — like Kubernetes. Numerous organizations use it as a platform-as-a-service to deploy and manage containers and microservices-based cloud applications across a cluster of machines. Palo Alto Networks used Microsoft data to estimate that Service Fabric hosts more than 1 million applications daily across millions of cores.

The bug that Palo Alto Networks discovered exists in a logging function with high privileges in a Service Fabric component called Data Collection Agent (DCA). Researchers from the security vendor’s Unit 42 threat intelligence team found that an attacker with access to a compromised container could exploit the vulnerability to escalate privileges and gain control of the host node and, from there, escape it and attack the entire cluster.

“The vulnerability allows attackers to take over the entire Service Fabric environment if they get a hold of a single application,” says Ariel Zelivansky, director of security research at Palo Alto Networks. This allows attackers to perform lateral movement and to steal, destroy, or manipulate data. Other actions that an attacker…


New security fabric to unite Fortinet gear with that of other vendors

Fortinet is embarking on a mission for some of its firewalls and other products and those of third-party vendors to work together to boost security across core networks, remote devices and the cloud.

Called Fortinet Security Fabric, the architecture relies on direct communications inherent among certain of its own products (such as the FortiGate next-generation firewall, FortiWeb Web application firewall, FortiMail email security and FortiSandbox advanced threat protection system) as well as with those of other vendors via APIs.

Each third-party device can participate in sharing information depending on the capabilities of its API, says John Maddison, Fortinet’s senior vice president of products and solutions.


Network World Security

Microsoft reveals Azure Service Fabric, platform behind Cortana and more

When Microsoft’s cloud platform, then known as Windows Azure, was first launched, it was strictly a Platform-as-a-Service offering. Apps written for Azure were deployed onto Windows and used Azure’s services such as storage, queues, and SQL databases. But management of the operating system and configuration of the virtual hardware beneath it was strictly Microsoft’s concern. In 2012, Azure added a VM role providing Infrastructure-as-a-Service capabilities in addition to the existing PaaS services.

Azure CTO Mark Russinovich announced today a new iteration of the Azure PaaS offering, with Azure Service Fabric. Service Fabric provides a set of tools to do things such as offer smarter deployment with rolling upgrades to new application versions, health monitoring, automated rollbacks to earlier versions, scaling, and load balancing.

Service Fabric is built for “microservices,” where the functional parts that make up a service are split into small units that can be individually deployed, updated, distributed, and scaled. These smaller units are run in containers rather than directly on VMs. Service Fabric can handle the management and scaling of these containers, with potentially hundreds of containerized microservices running on a single VM.



Ars Technica » Technology Lab

Hold on to your pants: Microsoft ‘PocketTouch’ enables device input through fabric (Todd Bishop/GeekWire)

Todd Bishop / GeekWire:
Microsoft researchers have come up with a way to make devices sensitive to touch input through fabric — for silencing a phone or even entering text without taking the device out of a pocket or bag.
