
The Cyber Security News


Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory

May 10, 2022

Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution.

The vulnerability, tracked as CVE-2022-29972, has been codenamed “SynLapse” by researchers from Orca Security, who reported the flaw to Microsoft in January 2022.

“The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not affect Azure Synapse as a whole,” the company said.


“The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure not limited to a single tenant.”

In other words, a malicious actor can weaponize the bug to acquire the Azure Data Factory service certificate and access another tenant’s Integration Runtimes to gain access to sensitive information, effectively breaking tenant separation protections.

The tech giant, which resolved the security flaw on April 15, said it found no evidence of misuse or malicious activity associated with the vulnerability in the wild.

That said, the Redmond-based company has shared Microsoft Defender for Endpoint and Microsoft Defender Antivirus detections to protect customers from potential exploitation, adding that it is working to strengthen the security of third-party data connectors by working with driver vendors.

The findings come a little over two months after Microsoft remediated an “AutoWarp” flaw impacting its Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and allowed an attacker to take over control.

Last month, Microsoft also resolved a pair of issues, dubbed “ExtraReplica”, with the Azure Database for PostgreSQL Flexible Server that could result in unapproved cross-account database access in a region.



Some parts of this article are sourced from:
thehackernews.com
