"Windows has been thoroughly vetted"
Oh really ?
You don't say. By who ?
Maybe you get some of those guys to thoroughly vet your updates as well ?
Silly me, I need some more frog pills . . .
Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release. The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/ …
>>>"By design," said Microsoft, "root access on the machine hosting the SF note is not considered a security boundary in an SF cluster; the highest privileged role on a node is equally privileged anywhere in the same cluster."<<<
By design root access is not a security boundary ! - MS harking back to DOS then...
My thought exactly. It's a Linux issue because Windows doesn't allow you to do much so you can't exploit this Microsoft bug from Windows...
- Embrace : Check, Linux on Azure
- Extend : not an issue in a Cloud, it's more like "Empower" there (still an "E" so in-spec)
- Extinguish : Let's artificially create security bugs on our platform that are only exploitable from the competition's guest, then claim it's the guest's fault.
This post has been deleted by its author
Biting the hand that feeds IT © 1998–2022