- frfr.jpg (363.95 KiB) Viewed 1874 times
Eh, this isn't funny, but kinda amazing. Youtube, for whatever reason decided to auto-play this (I'm not embedding, will embed a shorter vidya):https://www.youtube.com/watch?v=3fT5K2SIXDQ
Anyway @ about 6:55 I saw this scene:
Absolutely fucking incredible.
https://arstechnica.com/information-tec ... itics-say/
Perhaps we can 30 percent off?Microsoft's latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three patches before successfully fixing a critical vulnerability in Azure. Orca Security first informed Microsoft in early January of the flaw, which resided in the Synapse Analytics component of the cloud service and also affected the Azure Data Factory. It gave anyone with an Azure account the ability to access the resources of other customers.
From there, Orca Security researcher Tzah Pahima said, an attacker could:
Third time’s the charm
- Gain authorization inside other customer accounts while acting as their Synapse workspace. We could have accessed even more resources inside a customer’s account depending on the configuration.
- Leak credentials customers stored in their Synapse workspace.
- Communicate with other customers’ integration runtimes. We could leverage this to run remote code (RCE) on any customer’s integration runtimes.
- Take control of the Azure batch pool managing all of the shared integration runtimes. We could run code on every instance.
Despite the urgency of the vulnerability, Microsoft responders were slow to grasp its severity, Pahima said. Microsoft botched the first two patches, and it wasn't until Tuesday that Microsoft issued an update that entirely fixed the flaw. A timeline Pahima provided shows just how much time and work it took his company to shepherd Microsoft through the remediation process.