A dangerous vulnerability in Microsoft Azure allows you to hijack accounts

image

Microsoft has implemented additional improvements to address the recently discovered SynLapse vulnerability in order to meet the complex requirements for client isolation in Azure
Data Factory and Azure Synapse Pipelines.

The security measures taken include moving shared integration runtimes to isolated ephemeral instances and using tokens with limited scope so that an attacker cannot use a client certificate to access other users’ accounts.

“This means that if an attacker can execute code in the integration runtime, he will not be able to interact with other tenants, so sensitive data will be safe”, — specified in the Orca Security technical report.

According to Microsoft, the company has completely prevented various ways of attacking the vulnerability in all types of the Azure integration runtime. The dangerous RCE vulnerability CVE-2022-29972 discovered by Tenable this year with a CVSS rating of 7.8 could allow an attacker to gain access to the Azure cloud environment.

“SynLapse may allow an attacker to gain access to Synapse resources owned by other clients through an internal Azure API server that manages integration execution environments”, — the researchers said.

“SynLapse allows a cybercriminal to elevate privileges to root the user in the Apache Spark base VMs or infect the hosts file of all nodes in the Apache Spark pool. The vulnerability provides an opportunity for further lateral movement and compromise of the infrastructure, which could lead to the theft of other customers’ data.”, — the company ‘s message says .

On April 30, 2022, the privilege escalation vulnerability was eliminated, but the poisoning attack hosts the files are still not
fixed.

Start a discussion …