Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service


Researchers described a vulnerability in Microsoft’s Azure Service Fabric as “serious,” but the company has since corrected the issue. If exploited, it would have permitted a hostile actor acting in an unauthenticated manner to run code on a container that was hosted on the platform.

The cross-site scripting hole, which Orca Security researchers named Super FabriXss, was found in December and reported to Microsoft, who fixed it in the March batch of Patch Tuesday updates, according to the researchers’ March 30 blog post outlining the bug’s technical specifications.

Read More…