Microsoft has integrated additional enhancements to address the recently disclosed SynLapse vulnerability and to meet broad tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines.
Recent safeguards include moving the shared integration runtimes to short-lived sandbox instances and using scoped tokens to prevent attackers from using a client certificate to access other tenants’ information.
“This means that if an attacker could run code on the integration runtime, it will never be shared between two different tenants, so no sensitive data is at risk,” Orca Security said in a technical report detailing the flaw.

In a statement shared with The Hacker News about the protections deployed, Microsoft said it has fully mitigated various attack paths to the vulnerability across all integration runtime types.
The tech giant explained that it “included the backend certificate and closely monitored for adversary activity and pivots,…