Microsoft Patches Dangerous RCE Flaw in Azure Cloud Service

Published: 23/11/2024   Category: security




The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.



Microsoft has patched what researchers called a dangerous flaw in its Azure Service Fabric component of the company's cloud-hosting infrastructure. If exploited, it would have allowed an unauthenticated, malicious actor to execute code on a container hosted on the platform.

Researchers from Orca Security discovered the cross-site scripting (XSS) flaw — which they dubbed Super FabriXss — in December and reported it to Microsoft, which issued a fix for it in March's round of Patch Tuesday updates, the researchers said in a blog post published March 30, revealing the technical details of the bug.

They also demonstrated how attackers can take advantage of the flaw — which makes Azure Service Fabric Explorer versions 9.1.1436.9590 or earlier vulnerable to exploit — in a presentation at Microsoft's BlueHat IL 2023 in Tel Aviv today.

Super FabriXss, tracked as CVE-2023-23383 with a CVSS rating of 8.2, is the second XSS flaw so far that Orca researchers discovered in Azure Service Fabric Explorer. Part of Microsoft's Azure cloud computing platform, Azure Service enables packaging, deployment, and management of stateless and stateful microservices and containers on large-scale distributed systems.

The first XSS vulnerability, dubbed FabriXss and detailed by Orca researchers in October, did not pose as severe a risk as its successor, the researchers said. FabriXss, also patched quickly by Microsoft in a Patch Tuesday update, would have allowed an attacker to gain full administrator permissions on the Service Fabric cluster.
With Super FabriXss, a remote unauthenticated attacker can execute code on a container hosted on one of the Service Fabric nodes, which means that an attacker could potentially gain control of critical systems and cause significant damage, Lidor Ben Shitrit, cloud security researcher at Orca Security, wrote in the post.
Using Super FabriXss, an attacker could craft a malicious URL that, when clicked, initiates a multi-step process eventually leading to the creation and deployment of a harmful container on one of the cluster nodes, Shitrit tells Dark Reading.
Specifically, researchers demonstrated at BlueHat how they could escalate a reflected XSS vulnerability in Azure Service Fabric Explorer to an unauthenticated RCE by abusing the metrics tab and enabling a specific option in the console: the Cluster Type toggle, Shitrit wrote in the post.
To exploit this vulnerability, a victim (an authenticated Service Fabric Explorer user) must first click on the malicious URL and then be guided to click on the Cluster Type under the Events tab, he explains to Dark Reading. Once exploited, sensitive cluster data could be revealed to the attacker, potentially allowing them to expand the attack to a larger surface.
The vulnerability itself arises from a vulnerable Node Name parameter, which can be exploited to embed an iframe in the user's context, Shitrit said in the post. This iframe then retrieves remote files from a server controlled by the attacker, eventually leading to the execution of a malicious PowerShell reverse shell.
This attack chain can ultimately result in remote code execution on the container [that] is deployed to the cluster, potentially allowing an attacker to take control of critical systems, he wrote.
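
The mechanism described above (markup smuggled into a node-name value inside a link the victim clicks) can be screened for wherever full URLs are visible, such as mail or proxy link telemetry. The following Python is an added example, not code from Orca or Microsoft; the host, path layout and `NodeName` parameter name in the samples are constructed assumptions, and because the article does not say where in the URL the node name travels, the check inspects path, query and fragment.

```python
import re
from urllib.parse import urlsplit, unquote

# HTML tags that have no legitimate place inside a node name.
MARKUP = re.compile(r"<\s*/?\s*(iframe|script|img|svg|object|embed)\b", re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_parts(url):
    """Return the URL components whose decoded text contains HTML markup."""
    parts = urlsplit(url)
    hits = []
    for name in ("path", "query", "fragment"):
        if MARKUP.search(fully_decode(getattr(parts, name))):
            hits.append(name)
    return hits


def screen(urls):
    """Map each flagged URL to the components that triggered the match."""
    flagged = {}
    for url in urls:
        hits = suspicious_parts(url)
        if hits:
            flagged[url] = hits
    return flagged


# Constructed sample links (hypothetical host, routes and parameter name).
SAMPLE_URLS = [
    "https://sfx.example.invalid/explorer#/node/_Node_0/events",
    "https://sfx.example.invalid/explorer#/node/%3Ciframe%20src%3Dx%3E/events",
    "https://sfx.example.invalid/explorer?NodeName=%253Ciframe%2520src%253Dx%253E",
]

if __name__ == "__main__":
    for url, hits in screen(SAMPLE_URLS).items():
        print(hits, url)
```

URL fragments are never sent to the web server, so a check like this has to run where the whole link is seen rather than on server access logs alone.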
Orca reported the vulnerability to the Microsoft Security Response Center (MSRC) on Dec. 20, and an investigation into the issue began later that month, on Dec. 31, the researchers said. Orca researchers and MSRC communicated several times regarding the impact of the flaw before Microsoft assigned CVE-2023-23383 to the vulnerability and issued a patch for it on March 14 that automatically fixed the issue for customers.
While no further action is necessary by Azure Service Fabric users, the flaw does, once again, highlight the inherent danger of unpatched flaws in cloud-based architectures that an enterprise deploys, he tells Dark Reading.

These vulnerabilities can pose higher risks compared to on-premises solutions, Shitrit says.

With cloud-based systems, organizations often depend on third-party providers, leading to a larger attack surface and less control over security measures, he adds. Additionally, it's important to consider the multi-tenant nature of cloud environments and the significance of maintaining proper isolation between tenants.
To address risks posed by cloud-based flaws like Super FabriXss, he suggests that organizations maintain a regime of cloud security hygiene. This includes regularly applying patches, monitoring security, addressing vulnerabilities, training employees on best practices, applying network segmentation, enforcing least-privilege permissions, collaborating with providers, and creating a robust incident response plan, Shitrit says.
These combined efforts help ensure a secure and resilient cloud environment, he says.
