Security News > 2022 > May > Microsoft releases fixes for Azure flaw allowing RCE attacks
Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure.
The Integration Runtime compute infrastructure is used by Azure Synapse and Azure Data Factory pipelines to provide data integration capabilities across network environments package execution).
"The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime in Azure Synapse Pipelines, and Azure Data Factory," Microsoft explained in a security advisory published today.
"Customers using Azure Data Factory can enable Azure integration runtimes with a Managed Virtual Network."
In March, Microsoft said it fixed another Azure security vulnerability in December that enabled attackers to take complete control over other Azure customers' data by abusing an Azure Automation service bug dubbed AutoWarp.
Other Microsoft Azure flaws fixed by Redmond during the last year include ones found in Azure Cosmos DB, the Open Management Infrastructure software agent, and the Azure App Service.
News URL
Related news
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)