Headline
Technical Details Released for 'SynLapse' RCE Vulnerability Reported in Microsoft Azure
Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client
Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines.
The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client certificate to access other tenants’ information.
“This means that if an attacker could execute code on the integration runtime, it is never shared between two different tenants, so no sensitive data is in danger,” Orca Security said in a technical report detailing the flaw.
The high-severity issue, tracked as CVE-2022-29972 (CVSS score: 7.8) and disclosed early last month, could have allowed an attacker to perform remote command execution and gain access to another Azure client’s cloud environment.
Originally reported by the cloud security company on January 4, 2022, SynLapse wasn’t fully patched until April 15, a little over 120 days after initial disclosure and two earlier fixes deployed by Microsoft were found to be easily bypassed.
“SynLapse enabled attackers to access Synapse resources belonging to other customers via an internal Azure API server managing the integration runtimes,” the researchers said.
Besides permitting an attacker to obtain credentials to other Azure Synapse customer accounts, the flaw made it possible to sidestep tenant separation and execute code on targeted customer machines as well as control Synapse workspaces and leak sensitive data to other external sources.
At its core, the issue relates to a case of command injection found in the Magnitude Simba Amazon Redshift ODBC connector used in Azure Synapse Pipelines that could be exploited to achieve code execution a user’s integration runtime, or on the shared integration runtime.
With these capabilities in hand, an attacker could have proceeded to dump the memory of the process that handles external connections, thereby leaking credentials to databases, servers, and other Azure services.
Even more concerningly, a client certificate contained in the shared integration runtime and used for authentication to an internal management server could be weaponized to access information pertaining to other customer accounts.
In stringing together the remote code execution bug and access to the control server certificate, the issue effectively opened the door to code execution on any integration runtime without knowing anything but the name of a Synapse workspace.
“It is worth noting that the major security flaw wasn’t so much the ability to execute code in a shared environment but rather the implications of such code execution,” the researchers noted.
“More specifically, the fact that given an RCE on the shared integration runtime let us use a client certificate providing access to a powerful, internal API server. This enabled an attacker to compromise the service and access other customers’ resources.”
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.
Related news
By Waqas The latest edition of Patch Tuesday offers fixes for 7 critical flaws, including 5 RCE (remote code execution)… This is a post from HackRead.com Read the original post: Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released
May's Patch Tuesday includes one actively exploited zero-day vulnerability and some other interesting ones. The post Update now! Microsoft releases patches, including one for actively exploited zero-day appeared first on Malwarebytes Labs.
Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.
Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of
Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.
By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft... [[ This is only the beginning! Please visit the blog for the complete entry ]]
Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2022-29972, has been codenamed "SynLapse" by researchers from Orca Security, who reported the flaw to Microsoft in January 2022. <!--adsense--> "The vulnerability was specific to
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972.
Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole. The vulnerability could … Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) Read More »
Summary Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole.