Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure.
The Integration Runtime compute infrastructure is used by Azure Synapse and Azure Data Factory pipelines to provide data integration capabilities across network environments package execution).
“The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime in Azure Synapse Pipelines, and Azure Data Factory,” Microsoft explained in a security advisory published today.
“Customers using Azure Data Factory can enable Azure integration runtimes with a Managed Virtual Network.”
In March, Microsoft said it fixed another Azure security vulnerability in December that enabled attackers to take complete control over other Azure customers’ data by abusing an Azure Automation service bug dubbed AutoWarp.
Other Microsoft Azure flaws fixed by Redmond during the last year include ones found in Azure Cosmos DB, the Open Management Infrastructure software agent, and the Azure App Service.