Cybersecurity News

Microsoft releases fixes for Azure flaw allowing RCE attacks

Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure.

The Integration Runtime compute infrastructure is used by Azure Synapse and Azure Data Factory pipelines to provide data integration capabilities across network environments package execution).

“The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime in Azure Synapse Pipelines, and Azure Data Factory,” Microsoft explained in a security advisory published today.

“Customers using Azure Data Factory can enable Azure integration runtimes with a Managed Virtual Network.”

In March, Microsoft said it fixed another Azure security vulnerability in December that enabled attackers to take complete control over other Azure customers’ data by abusing an Azure Automation service bug dubbed AutoWarp.

Other Microsoft Azure flaws fixed by Redmond during the last year include ones found in Azure Cosmos DB, the Open Management Infrastructure software agent, and the Azure App Service.

Stay on Top of Cyber Threats!
Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Recent Cybersecurity News

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

No engagement. We answer within 24h.
Scroll to Top

BOOK A MEETING WITH AN EXPERT

Enter Your Corporate Email