Microsoft Azure fixes HDInsight vulnerabilities
Take action: This may be a difficult patch. Locking down access to trusted networks and risk assessment should be the first items on your task list for this. If HDInsight is exposed, plan the effort of upgrading fast. Otherwise, put it in the planned pipeline for this year.
Orca Security has recently disclosed three high-risk vulnerabilities within Microsoft Azure's HDInsight service, a big-data analytics platform. HDInsight is critical for large organizations, including major corporations like Unilever, MetLife, and Ernst & Young, which rely on it for big data analytics to drive strategic decisions and uncover new business opportunities. The data processed by HDInsight often contains confidential and valuable customer and market information, underscoring the importance of promptly addressing these security vulnerabilities.
The latest findings include one denial-of-service (DoS) vulnerability and two privilege escalation vulnerabilities, posing significant threats to the integrity and accessibility of big data managed by organizations using HDInsight:
As of October 26th 2023, Microsoft has patched all three vulnerabilities. However, due to HDInsight's lack of support for in-place upgrades, users are advised to create a new cluster with the latest platform version and updates, then migrate from the old to the new to ensure comprehensive protection.