CVE-2026-23659

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network...

PT-2026-26351

Azure Data Factory Information Disclosure Vulnerability CVE: CVE-2026-23659 PT-Identifier: PT-2026-26351 Vendor: Microsoft Product: Azure Data Factory CVSS: 8.6 Credits: n/a Description: Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attack...

Octo Tempest cybercriminal group is “a growing concern”—Microsoft

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. Initially the group made a name for itself by SIM swapping. SIM swapping, also known as SIM jacking, is the act of illegally taki...

Update now!  Microsoft patches Follina, and many other security updates

The June 2022 Patch Tuesday may go down in history as the day that Follina got patched, but there was a host of other important updates. And not just from Microsoft. Many other software vendors follow the pattern of monthly updates set by the people in Redmond. Microsoft Microsoft released update...

The vulnerability of the external data integration driver Magnitude Simba Amazon Redshift ODBC in cloud services like Azure Data Factory and Azure Synapse allows a hacker to execute arbitrary code.

The vulnerability of the external data integration driver Magnitude Simba Amazon Redshift ODBC in cloud services like Azure Data Factory and Azure Synapse lies in the lack of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

Microsoft Releases Security Advisory for Azure Data Factory and Azure Synapse Pipelines

Microsoft has released a security advisory to address a remote code execution vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review...

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)

Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity ODBC driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime...

Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972

Executive Summary Microsoft recently mitigated and remediated a vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime IR in Azure Synapse Pipelines, and...

CVE-2022-29972

creationtimestamp| type| source ---|---|--- 2022-05-09 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2022/05/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/ 2022-05-09 22:33:07+00:00| seen|...

KLA12534 RCE vulnerability in Microsoft Azure

A remote code execution vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2022-29972 ADV220001 Related products Microsoft-Azure CVE list CVE-2022-29972 unknown Solution Install necessary updates from the K...