Microsoft Patches Critical Zero-Day Flaw Under Active Attack, Plus Cloud Security Vulnerabilities

Microsoft Patches Critical Zero-Day Flaw Under Active Attack, Plus Cloud Security Vulnerabilities

Microsoft Security Update: Critical Vulnerabilities Addressed

Microsoft has released patches for four significant security vulnerabilities affecting their services, with one actively exploited vulnerability requiring immediate attention.

Critical Vulnerability Alert
A high-severity vulnerability (CVE-2024-49035) with a CVSS score of 8.7 is currently being exploited in partner.microsoft.com. This privilege escalation flaw enables attackers to gain unauthorized system access over networks.

Three Additional Security Fixes:

1. Copilot Studio
– CVE-2024-49038 (CVSS: 9.3)
– Critical cross-site scripting vulnerability
– Risk of unauthorized privilege elevation

2. Azure PolicyWatch
– CVE-2024-49052 (CVSS: 8.2)
– Authentication bypass in critical functions
– Potential for privilege escalation

3. Dynamics 365 Sales
– CVE-2024-49053 (CVSS: 7.6)
– Spoofing vulnerability
– Risk of malicious site redirections

Remediation Steps:
– Most patches deploy automatically via Microsoft Power Apps
– Dynamics 365 Sales requires manual update to version 3.24104.15 on mobile devices

Share This Article