![]() ![]() The integration runtimes using Azure Data Factory or Azure Synapse can be used in on-prem or cloud-based models. This is exclusive to the Synapse pipelines and does not pertain to the rest of Azure Synapse. Affected SystemsĬVE-2022-29972 is specific to the Amazon Redshift ODBC connector in use by Azure Data Factory as well as the Azure Synapse Pipelines. Microsoft conducted a detailed internal investigation and found no cases of abuse or exploitation in the wild. SynLapse allows attackers to bypass tenant separation, which in turn can lead to credential access to other Azure Synapse customer accounts, control of the Azure Synapse workspaces, code execution on the targeted machines within the Azure Synapse Analytics service, as well as leaking of credentials to sources outside of Azure. ![]() It is specific to the open database connectivity (ODBC) driver that is used to connect to Amazon Redshift. The vulnerability targets the Azure Data Factory and Azure Synapse pipelines. Microsoft has recently mitigated a vulnerability that was brought to their attention by researchers at Orca. This bulletin was written by Eric Dodge of the Kudelski Security Threat Detection & Research Team Summary ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |