Security researchers at Orca uncovered a vulnerability in Microsoft Azure Synapse, dubbed SynLapse. This vulnerability lies in the ODBC or Online Database Connectivity method employed by Synapse. Once a bad actor gains access through this vulnerability, they can gain access to significant amounts of sensitive user data.
What is the threat?
The vulnerability, SynLapse, allow bad actors to extract critical user information through Microsoft Azure Synapse’s Online Database Connectivity (ODBC) connection source. Once a machine is targeted, not only can bad actors access machine’s information, including harvesting user credentials but it will give access to machines on the same network and expose users’ data using the program. This information is then often traded as a commodity in the dark web.
Why is it noteworthy?
With businesses of all size adopting the cloud for ecommerce and to increase their web presence, this vulnerability raises concerns for those who may not have security in place to protect against this vulnerability. This vulnerability also highlights how susceptible some major cloud tools are to cyberattacks and that bad actors can now target these sources to harvest data.
What is the exposure or risk?
This impact users using Microsoft Azure’s Synapse, as well as any entity from which Azure collects data. It includes Amazon S3 and Cosmos DB. Microsoft has made changes and patched this vulnerability.
What are the recommendations?
Barracuda MSP recommends applying the Microsoft patch to any Azure Synapse at your earliest convenience.
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2022/06/technical-details-released-for-synlapse.html
- https://www.cybersecuritydive.com/news/microsoft-critical-vulnerability-azure-synapse-patch/625461/#:~:text=The%20vulnerability%2C%20dubbed%20SynLapse%20by,also%20impacted%20Azure%20Data%20Factory.
- https://thestack.technology/azure-synapse-vulnerability-finally-fixed/
If you have any questions, please contact our Security Operations Center.
