Microsoft mitigated a security flaw affecting Azure Synapse and Azure Data Factory that could lead to Any malicious actor could have weaponized the bug to acquire the Azure Data Factory service certificate and access another tenant's Integration Runtimes to gain access to sensitive information. However, no evidence of misuse or malicious activity associated with the vulnerability in the wild was reported yet.

A critical vulnerability in Microsoft's Azure Automation service could have permitted unauthorized access to other Azure customer accounts. By exploiting the bug, the attacker could get full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer. Several companies including a telecommunications company, two car manufacturers, a banking conglomerate, and big four accounting firms, among others, the Israeli cloud infrastructure security company were targeted by exploiting this vulnerability. However, the issue was identified and was remediated in a patch pushed in December 2021.