Microsoft has released patches for four significant security vulnerabilities affecting its services, one of which is actively exploited and requires immediate attention.
Critical Vulnerability Alert
A high-severity vulnerability (CVE-2024-49035) with a CVSS score of 8.7 is currently being exploited in partner.microsoft.com. This privilege escalation flaw enables attackers to gain unauthorized access to the system over a network.
Three Additional Security Fixes:
1. Copilot Studio
– CVE-2024-49038 (CVSS: 9.3)
– Critical cross-site scripting vulnerability
– Risk of unauthorized privilege elevation
2. Azure PolicyWatch
– CVE-2024-49052 (CVSS: 8.2)
– Authentication bypass in critical functions
– Potential for privilege escalation
3. Dynamics 365 Sales
– CVE-2024-49053 (CVSS: 7.6)
– Spoofing vulnerability
– Risk of malicious site redirections
Remediation Steps:
– Most patches deploy automatically via Microsoft Power Apps
– Dynamics 365 Sales requires a manual update to version 3.24104.15 on mobile devices