Microsoft has released fixes to address four serious security flaws that have already been exploited in production scenarios and impact its corporate platforms, cloud infrastructure, and artificial intelligence.
Concerns are raised by the developments regarding possible broad effects on data security and corporate operations.
With a CVSS score of 8.7, the most serious vulnerability, CVE-2024-49035, allows unauthorized attackers to increase their privileges via partner.microsoft[.]com. This vulnerability was found by security researchers Gautam Peri, Apoorv Wadhwa, and an unnamed contributor; Microsoft affirms that it is being exploited in the wild at the moment. Regarding specific attack routes and exploitation techniques, the IT behemoth has been quiet.
Copilot Studio has a serious cross-site scripting (XSS) vulnerability (CVE-2024-49038, CVSS 9.3) that could enable malevolent actors to escalate privileges across networks, among other patched vulnerabilities. This vulnerability in Microsoft's AI-powered development platform brings to light the growing security risks associated with AI tools in business settings.
A serious authentication bypass vulnerability exists in Azure PolicyWatch, a vital part of Microsoft's cloud infrastructure (CVE-2024-49052, CVSS 8.2). For businesses that rely significantly on Azure services for their cloud operations, this vulnerability raises concerns because it may allow for unlawful privilege escalation.
The fourth vulnerability, which impacts Microsoft Dynamics 365 Sales (CVE-2024-49053, CVSS 7.6), creates a spoofing risk that might allow attackers to utilize carefully constructed URLs to reroute users to malicious websites. Sales teams and customer relationship management operations are especially concerned about this.
Through Power Apps updates, Microsoft has automatically applied security patches for the majority of these vulnerabilities. To defend against any threats, Dynamics 365 Sales users must manually update their mobile applications to version 3.24104.15.
The timing of these security improvements is critical, as businesses depend more and more on Microsoft's cloud and AI services for day-to-day operations. The existence of a vulnerability that is being actively exploited, especially one that impacts partner relationships, emphasizes how crucial these patches are and how crucial it is to update security across enterprise environments as soon as possible.
Google Messages is offering a number of intriguing..
An planned feature in Google Chrome will utilize a..