Vulnerability Fixed in Azure Synapse Spark

Summary:


Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where cybersecurity attacks continue to grow in number and sophistication.  We value the role the security research community plays in helping secure Microsoft products and services and the broader ecosystem. 


Orca Security is one of those researchers. Under Coordinated Vulnerability Disclosure (CVD), they informed Microsoft on June 1, 2022, of an Elevation of Privilege (EoP) vulnerability affecting Azure Synapse Spark. Microsoft fixed this EoP vulnerability on June 18, 2022. No customer action is required. 


Vulnerability Details:


Azure Synapse provided users the capability to mount Azure File Shares to their Apache Spark Pools via a script called filesharemount.sh that would execute with elevated privileges. This script would mount the File Share to the /synfs directory. There was a race condition in the script where, if successfully exploited, a user could cause the chown command to change the ownership of any directory, including the one containing filesharemount.sh itself. This enabled a user to execute additional code with root privileges.


While the EoP behavior was not intended, the impact was limited only to the user’s Spark pool. It did not permit unauthorized access to other customers’ workloads or sensitive secrets. 
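The race described above belongs to the check-then-use class: a privileged helper validates a path and then runs chown on the same name, which can resolve to a different object by then. The following is an added example, not Microsoft's script or its fix (the page does not publish filesharemount.sh); the function names and the directory layout are assumptions, and it targets Linux/POSIX. It contrasts a path-based ownership change with a descriptor-based one that pins the directory before checking and changing it.

```python
import os
import stat


def chown_by_path(base, name, uid, gid):
    """Path-based form: the name is resolved again at chown time, so a
    symlink placed there after (or before) the check redirects the change."""
    path = os.path.join(base, name)
    if not os.path.isdir(path):       # check (follows symlinks)
        raise NotADirectoryError(path)
    os.chown(path, uid, gid)          # use (resolves the name a second time)
    st = os.stat(path)
    return (st.st_dev, st.st_ino)     # identity of the object actually changed


def chown_by_fd(base, name, uid, gid):
    """Descriptor-based form: open the directory once without following
    symlinks, then check and change the object the descriptor refers to."""
    if name in ("", ".", "..") or "/" in name:
        raise ValueError("name must be a single path component")
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    base_fd = os.open(base, flags)
    try:
        # Resolved relative to base_fd; fails if 'name' is a symlink.
        fd = os.open(name, flags, dir_fd=base_fd)
        try:
            st = os.fstat(fd)
            if not stat.S_ISDIR(st.st_mode):
                raise NotADirectoryError(name)
            os.fchown(fd, uid, gid)   # acts on the pinned inode, not a name
            return (st.st_dev, st.st_ino)
        finally:
            os.close(fd)
    finally:
        os.close(base_fd)
```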


Microsoft’s Response:


We mitigated this EoP in Synapse Spark through the following: 


  • We removed the capability to mount Azure File Shares to Spark pools indefinitely to redesign a more secure alternative. 

  • We updated the documentation for vulnerability fixed azure synapse spark