Microsoft on Monday disclosed that it mitigated a security flaw impacting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2022-29972, has been codenamed “SynLapse” by researchers from Orca Security, who reported the flaw to Microsoft in January 2022.
“The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver utilized to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole,” the company said.
“The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure not limited to a single tenant.”
In other words, a malicious actor can weaponize the bug to obtain the Azure Data Factory service certificate and access another tenant’s Integration Runtimes to gain access to sensitive information, effectively breaking tenant separation protections.
The tech giant, which resolved the security flaw on April 15, said it found no evidence of misuse or malicious activity associated with the vulnerability in the wild.
That said, the Redmond-based company has shared Microsoft Defender for Endpoint and Microsoft Defender Antivirus detections to protect customers from potential exploitation, adding that it is working to strengthen the security of third-party data connectors by working with driver vendors.
The findings come a little over two months after Microsoft remediated an “AutoWarp” flaw impacting its Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and a takeover of control.
Last month, Microsoft also resolved a pair of issues, dubbed “ExtraReplica,” with the Azure Database for PostgreSQL Flexible Server that could result in unapproved cross-account database access in a region.
Some parts of this article are sourced from:
thehackernews.com