Security News > 2022 > May > Microsoft releases fixes for Azure flaw allowing RCE attacks

Microsoft releases fixes for Azure flaw allowing RCE attacks
2022-05-09 17:42

Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure.

The Integration Runtime compute infrastructure is used by Azure Synapse and Azure Data Factory pipelines to provide data integration capabilities across network environments package execution).

"The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime in Azure Synapse Pipelines, and Azure Data Factory," Microsoft explained in a security advisory published today.

"Customers using Azure Data Factory can enable Azure integration runtimes with a Managed Virtual Network."

In March, Microsoft said it fixed another Azure security vulnerability in December that enabled attackers to take complete control over other Azure customers' data by abusing an Azure Automation service bug dubbed AutoWarp.

Other Microsoft Azure flaws fixed by Redmond during the last year include ones found in Azure Cosmos DB, the Open Management Infrastructure software agent, and the Azure App Service.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-releases-fixes-for-azure-flaw-allowing-rce-attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399