What is it?
A serious vulnerability was found in Microsoft Azure, specifically in its Service Fabric Explorer (SFX). It is a Cross-Site Scripting (XSS) which has the potential to allow remote code execution on a container hosted within a Service Fabric note without asking for authentication.
This vulnerability is called “Super FabriXss”
You can learn more information in the National Vulnerability Database, here.
Who does this affect?
If you are an organization using Microsoft Azure, specifically the Service Fabrication Explorer version 9.1.1436.9590 or earlier – then you are vulnerable.
What to do if you are vulnerable?
Microsoft has included a patch for this vulnerability in their March 2023 patch. If you have automatic updates turned on, no further action is needed.
If you do not have auto-updates turned on, then the patch will need to be applied to close the vulnerability.
Britec Helps
At Britec, we stay on the pulse of information security and all our clients are patched and protected. If you have been impacted and need help, please contact us if you wish.