Microsoft Cloud: Massive vulnerability discovered

Microsoft Azure, Microsoft’s cloud platform, has apparently had a massive vulnerability over a long period of time. The so-called SynLapse vulnerability enabled hackers to indirectly gain access to other users’ virtual machines hosted by Microsoft.


Earlier this year, on January 4, 2022, the research team at Orca Security reported a massive vulnerability in its cloud service Microsoft Azure to the Microsoft Security Response Center (MSRC) – along with keys and certificates that the research team extracted could. The vulnerability, named “SynLapse” by its discoverer Tzah Pahima, apparently enabled attackers to access the virtual machines of other Microsoft cloud customers if they are running on the Microsoft servers via the Azure Synapse service. Apparently, the separation between the different customers was not sufficiently secured.


Easy access to third-party content

SynLapse made it possible for hackers to obtain the memory content of a process with comparatively little effort via an internal programming interface (API), manage it via external connections and thus obtain access data for databases, servers and other Azure services from other customers.

By chaining together a number of attack vectors, it was ultimately possible to launch attacks that could execute code in any virtual machine hosted on Azure Synapse. The attackers only had to know the name of the respective Synapse workspace and thus it was discovered.


Over 100 days until final patch

As Orca Security has now announced, it took more than 100 days after the SynLapse vulnerability was first reported in early January for the MSRC to find and deploy a final fix. Two first patches at the end of March and on April 10th were again bypassed by the Orca Security research team. It was not until April 15, 2022 that the MSRC was able to provide a patch that fixed the reported attack vectors.

On May 9th, both Orca Security and the MSRC published blogs detailing the vulnerability, fixes and recommendations for customers. Finally, in late May, Microsoft provided more comprehensive tenant isolation – including ephemeral instances and scaled tokens for the shared Azure Integration Runtimes.

Source: Orca Security