
Azure Synapse's significant security issue addressed by Microsoft, as prior fixes failed to meet the mark

Attackers may seize control of tenant workspaces through remote code execution, according to a warning issued by Orca Security in January.


In early January, security researchers at Orca Security disclosed a critical vulnerability in Microsoft's Azure Synapse Analytics, named SynLapse. This vulnerability, if exploited, could have allowed attackers to steal credentials, execute code, and gain control over workspaces of other Azure Synapse customers.

Microsoft promptly conducted an internal investigation into the SynLapse vulnerability and published an extensive blog post about it on May 9. The tech giant claimed that the vulnerability was fully mitigated by April 15. However, it was noted that the vulnerability did not impact Azure Synapse as a whole.

The SynLapse vulnerability affected an Open Database Connectivity (ODBC) driver used in Azure Synapse pipelines and Azure Data Factory Integration Runtime. To prevent similar issues in the future, researchers suggested that Microsoft move the integration runtime to a sandboxed ephemeral virtual machine (VM) so that code from different tenants never executes in a shared environment. They also emphasized the importance of implementing least privilege access to the internal management server.

Microsoft worked closely with Orca Security researchers to fix the vulnerability, but the issue persisted even after the second patch. Erik Nost, senior analyst at Forrester, highlighted the need for Microsoft and security practitioners to consider the implications of disclosing vulnerabilities to the world, including potential exploitation by adversaries.

Corporate stakeholders have shown a growing interest in understanding the risk calculus of their technology stacks, with a focus on whether they are a potential target. Tenable's CEO Amit Yoran criticized Microsoft for failing to adequately disclose vulnerabilities to customers and respond to researchers in a timely manner.

Microsoft has mitigated the SynLapse vulnerability, and no action is needed by Azure Data Factory or Azure Synapse pipeline customers if they are hosted in the cloud (Azure Integration Runtime) or hosted on-premises with auto-updates turned on. Despite the recent criticism, Microsoft continues to work towards enhancing its security measures and transparency with customers.
