Technical details of RCE vulnerability “SynLapse” published Reported in…

36

Microsoft has integrated additional enhancements to address the recently disclosed SynLapse vulnerability to address broad tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines.

Recent safeguards include moving the shared integration runtimes to short-lived sandbox instances and using scoped tokens to prevent attackers from using a client certificate to access other tenants’ information.

“This means that if an attacker could run code on the integration runtime, it will never be shared between two different tenants, so no sensitive data is at risk,” Orca Security said in a technical report detailing the flaw .

Internet security

In a statement shared with The Hacker News about the protections deployed, Microsoft said it has fully mitigated various attack paths to the vulnerability across all integration runtime types.

The tech giant explained that it “included the backend certificate and closely monitored for adversary activity and pivots,…



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.