Microsoft published a security advisory stating that security updates patching a vulnerability affecting Azure Synapse and Azure Data Factory are now available. The tech giant urges users to apply the patch as soon as possible to protect their systems against possible remote code execution attacks across the Integration Runtime infrastructure. The vulnerability, tracked as CVE-2022-29972, is also known as SynLapse.
Azure Synapse and Azure Data Factory
Microsoft also stated that currently there is no evidence of active exploitation of the vulnerability. Security researchers claim that the vulnerability can be exploited to access and control Synapse workspaces, also allowing attackers to leak sensitive data, such as Azure’s service keys, API tokens, and passwords.
Microsoft stated that the vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift in the Integration Runtime (IR) of Azure Synapse Pipelines and Azure Data Factory. The vulnerability could have allowed an attacker to execute remote commands across Integration Runtimes. To fix the vulnerability, the tech giant worked with a third-party vendor.
Microsoft fully mitigated attack paths to this vulnerability on April 15, 2022, by taking the following steps across all IR types:
- Mitigated remote command execution in the impacted driver
- Reduced the job execution privilege in the Azure Integration Runtime
- Added extra validation layers as a defense in depth to harden the service
- Rotated and revoked the backend service certificate and other Microsoft credentials that were accessed by the finder
- Collaborated with the third-party ODBC driver provider on root-cause fixes to the driver used to connect to Amazon Redshift
- Reviewed third-party driver vendor code and ran our security tooling to ensure it meets our security standards