Azure Service Fabric Explorer Flaw Let Attacker Gain Administrator Privileges

In Cybersecurity News - Original News Source is by Blog Writer

Post Sharing
Microsoft Azure Service Fabric has been exposed to a spoofing vulnerability that has been unveiled recently in a proof-of-concept exploit.

The flaw has been tracked as CVE-2022-35829 with medium severity by the security researchers at Orca Security, and they dubbed this flaw as “FabriXss,” an SFX spoofing flaw. Attackers could gain full access to the clusters managed by the Service Fabric by exploiting this flaw.

Using Azure Service Fabric, you can easily manage microservices and containers. While it becomes easy to manage them since it’s a distributed systems platform.


Here below we have mentioned the complete timeline:-

  • Orca reported the vulnerability to MSRC via MSRC VDP on August 11, 2022
  • MSRC reached back and started investigating the issue on August 16, 2022
  • MSRC worked towards removing the older version on September 1, 2022
  • Call with MSRC and Orca Team to discuss the Vulnerability on September 6, 2022
  • MSRC assigned CVE-2022-35829 for the vulnerability on October 11, 2022
  • Fix was included in Microsoft October 2022 Patch Tuesday on October 11, 2022

Vulnerability Analysis

Over one million apps are hosted on Service Fabric, and it powers multiple Microsoft products like:-

  • Microsoft Intune
  • Dynamics 365
  • Skype for Business
  • Cortana
  • Microsoft Power BI
  • Multiple core Azure services

The nodes and cloud applications in Azure Service Fabric clusters are of crucial components and to manage and inspect them Azure admins use the SFX (Service Fabric Explorer).

On August 11, security experts at Orca Security reported this vulnerability to MSRC (Microsoft Security Response Center). As part of the Patch for this month, Microsoft released the security updates on October 11 in which they addressed the vulnerability.

This vulnerability affects those who use version 8.1.316 or earlier of the Service Fabric Explorer (SFXv1). Threat actors can target only the older and unsupported versions of SFXv1 (Service Fabric Explorer) by using the FabriXss exploits.

Microsoft has confirmed that there has been no indication that FabriXss has been exploited in the wild. It has been recommended that all Service Fabric customers update to the latest version of the SFX in order to remain secure.

In the course of this year, Microsoft has patched several Azure Service Fabric vulnerabilities, which implies this vulnerability is not the only one fixed this year.

You can learn the complete technical analysis report here.