
The Cyber Security News


Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory

May 10, 2022


Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution.

The vulnerability, tracked as CVE-2022-29972, has been codenamed “SynLapse” by researchers from Orca Security, who reported the flaw to Microsoft in January 2022.


“The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole,” the company said.

“The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure not limited to a single tenant.”

In other words, a malicious actor can weaponize the bug to acquire the Azure Data Factory service certificate and access another tenant’s Integration Runtimes to gain access to sensitive information, effectively breaking tenant separation protections.

The tech giant, which resolved the security flaw on April 15, said it found no evidence of misuse or malicious activity associated with the vulnerability in the wild.

That said, the Redmond-based company has shared Microsoft Defender for Endpoint and Microsoft Defender Antivirus detections to protect customers from potential exploitation, adding that it is working to strengthen the security of third-party data connectors by working with driver vendors.

The findings come a little over two months after Microsoft remediated an “AutoWarp” flaw impacting its Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control.

Last month, Microsoft also resolved a pair of issues, dubbed “ExtraReplica”, with the Azure Database for PostgreSQL Flexible Server that could result in unapproved cross-account database access in a region.



Some parts of this article are sourced from:
thehackernews.com
