As part of Patch Tuesday May, Microsoft has pledged to release improvements for both Azure Synapse Pipeline and Azure Data Factory. This announcement came shortly after Microsoft disclosed CVE-2022-29972, a vulnerability affecting a Magnitude Simba Amazon Redshift ODBC driver. Microsoft’s currently working alongside a third party to remedy the aforementioned vulnerability and to develop infrastructure improvements for Synapse Pipeline and Data Factory.

Patch Tuesday May – Highlights

Most of Microsoft’s monthly patching effort is focused on the remediation of the Simba Amazon Redshift ODBC driver vulnerability. For those of you unfamiliar with the product, Redshift ODBC and its ‘peer’ JDBC are data access interfaces for various relational databases. Also called connectors, these products allow you to access via SQL-92 all the data stored in Redshift warehouses, map data type in Amazon Redshift and ANSI SQL, provide logging and ODBC tracing, and, of course, establish connections between various BI (Business Intelligence Tools) and the data residing in your Amazon Redshift data warehouse.

According to the threat report issued by Microsoft’s Security Response Center, the vulnerability was first identified and mitigated on the 15th of April 2022. The culprit was a defective ODBC driver developed by an undisclosed third party. As to its purpose, the driver was supposed to facilitate the connection between Amazon’s Redshift, Azure Data Factory Integration Runtime, and Azure Synapse pipelines. The ensuing investigation revealed that no customers have been affected by CVE-2022-29972.

As to the vulnerability itself, CVE Details provides some insight – one of the ODBC driver’s authentication components was discovered to harbor an argument injection bug that would have allowed a threat actor or even a local user to run arbitrary code on the machine. The defect seems to affect version 1.4.14 through, 1.4.22 through 1.4.x, all the way up to version 1.4.52).

For the time being, no workarounds or hotfixes are available. Per Microsoft’s recommendations, IT admins are advised to limit access to the connector and wait until an official fix or patch becomes available.

Additional Cybersecurity Advice & Conclusions

Not much going around in May in terms of patching. Microsoft’s mostly focused on delivering a functional fix to the Synapse and Data Factory issues. In the meantime, here are some things you can try in order to stay protected.

  • Suspicious activity. If your company’s running any kind of SIEM, you may want to conduct some probing for suspicious activity.
  • Automatic patching. The best way to ensure that all your applications and software are up to date (and in a timely fashion) is through automated patching. Heimdal™ Security’s Patch & Asset Management can help you fast-track your patching/updating processes, regardless of whether it’s Windows, Linux, 3rd party, OS-specific, proprietary or optional improvements.
  • Pen-testing. You may want to conduct some on-site pen-testing to determine if other Azure-related components are vulnerable. If your team can’t cover this area, it would be a good idea to hire an outside team to carry out these tests.

Additional resources:

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Leave a Reply

Your email address will not be published. Required fields are marked *