On Monday, Microsoft said it patched a vulnerability plaguing Azure Synapse and Azure Data Factory. Further, Microsoft said, if the vulnerability was successfully exploited, it could lead to remote code execution.
Researchers from Orca Security have codenamed the vulnerability, labelled CVE-2022029972, “SynLapse”. Orca researchers were the first to report the vulnerability to Microsoft in January 2022.
“The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole,” the company said.
“The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure not limited to a single tenant.”
An attacker can weaponise the bug to obtain the Azure Data Factory service certificate and get another tenant’s Integration Runtimes to access sensitive information, effectively penetrating through the tenant separation protections.
The tech giant, which fixed the vulnerability on April 15, said that it hadn’t received any reports of misuse or exploitation of the vulnerability in the wild.
That said, the Redmond-based company has shared Microsoft Defender for Endpoint and Microsoft Defender Antivirus detections to protect customers from potential exploitation, adding it’s working to bolster the security of third-party data connectors by working with driver vendors.
The flaw comes on the back of another vulnerability called “AutoWarp,” which Microsoft fixed. The AutoaWarp vulnerability affected Azure Automation service that could allow unauthorised access and hacking of Azure customer accounts.
Last month, Microsoft also resolved a pair of issues — dubbed “ExtraReplica” — with the Azure Database for PostgreSQL Flexible Server that could result in unapproved cross-account database access in a region.
Reference
https://thehackernews.com/2022/05/microsoft-mitigates-rce-vulnerability.html
