Microsoft mitigates Azure vulnerability allowing RCE attacks

Trooper

Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure.

The Integration Runtime (IR) compute infrastructure is used by Azure Synapse and Azure Data Factory pipelines to provide data integration capabilities across network environments (e.g., data flow, activity dispatch, SQL Server Integration Services (SSIS) package execution).

The vulnerability (tracked as CVE-2022-29972 and reported by Orca Security) was mitigated on April 15, with no evidence of exploitation before fixes were released.

"The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime (IR) in Azure Synapse Pipelines, and Azure Data Factory," Microsoft explained in a security advisory published today.

"The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure not limited to a single tenant," the company added in a Microsoft Security Response Center (MSRC) blog post.

Successful exploitation of this ODBC connector for Amazon Redshift flaw could let malicious attackers running jobs in a Synapse pipeline execute remote commands.

In the next attack stage, they could potentially steal the Azure Data Factory service certificate to execute commands in another tenant's Azure Data Factory Integration Runtimes.