Technical Details Released for 'SynLapse' RCE Vulnerability Reported in Microsoft Azure


In order to meet full tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines, Microsoft has made additional changes to address the recently discovered SynLapse security vulnerability.

To prevent adversaries from utilising a client certificate to access other tenants’ information, the latest precautions include relocating shared integration runtimes to sandboxed ephemeral instances and employing scoped tokens. Read More…