Ethical Hacking News
Microsoft has acknowledged four security flaws impacting its AI, cloud, enterprise resource planning, and Partner Center offerings, including one that has been exploited in active attacks. The tech giant has rolled out fixes for the shortcomings as part of updates to its online version of Microsoft Power Apps.
Microsoft has acknowledged four security flaws in its AI, cloud, enterprise resource planning, and Partner Center offerings. A privilege escalation flaw (CVE-2024-49035) carries an "Exploitation Detected" assessment and allows unauthenticated attackers to elevate privileges over a network. Microsoft has rolled out fixes for three other vulnerabilities:
- CVE-2024-49038 (CVSS score: 9.3) - cross-site scripting vulnerability in Copilot Studio
- CVE-2024-49052 (CVSS score: 8.2) - missing authentication for critical function in Microsoft Azure PolicyWatch
- CVE-2024-49053 (CVSS score: 7.6) - spoofing vulnerability in Microsoft Dynamics 365 Sales
Users are advised to update Dynamics 365 Sales apps for Android and iOS to the latest version (3.24104.15) to secure against CVE-2024-49053.
Microsoft, a renowned technology giant, has recently acknowledged four security flaws impacting its various offerings, including artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center. These vulnerabilities have been categorized as Critical, Important, and Exploitation Detected, highlighting the potential severity of the threats.
One of the most concerning vulnerabilities is CVE-2024-49035, a privilege escalation flaw in partner.microsoft[.]com, which has been tagged with an "Exploitation Detected" assessment. The flaw allows an unauthenticated attacker to elevate privileges over a network. The tech giant credited Gautam Peri, Apoorv Wadhwa, and an anonymous researcher for reporting the flaw, but did not reveal any specifics on how it is being exploited in real-world attacks.
Microsoft has rolled out fixes for the shortcomings as part of updates to the online version of Microsoft Power Apps. Additionally, Redmond has addressed three other vulnerabilities: CVE-2024-49038 (CVSS score: 9.3), a cross-site scripting (XSS) vulnerability in Copilot Studio that could allow an unauthorized attacker to escalate privileges over a network; CVE-2024-49052 (CVSS score: 8.2), a missing authentication for a critical function in Microsoft Azure PolicyWatch that could allow an unauthorized attacker to escalate privileges over a network; and CVE-2024-49053 (CVSS score: 7.6), a spoofing vulnerability in Microsoft Dynamics 365 Sales that could allow an authenticated attacker to trick a user into clicking on a specially crafted URL and potentially redirect the victim to a malicious site.
While most of the vulnerabilities have already been fully mitigated and require no user action, it is advised to update Dynamics 365 Sales apps for Android and iOS to the latest version (3.24104.15) to secure against CVE-2024-49053. The tech giant's proactive approach in addressing these security flaws underscores its commitment to protecting users from potential threats.
Furthermore, Microsoft has demonstrated its dedication to enhancing the security of its offerings by implementing various measures to prevent exploitation of these vulnerabilities. These efforts include rolling out updates automatically as part of its online version of Microsoft Power Apps and providing guidance on how users can secure their systems against known threats.
The recent acknowledgment of these vulnerabilities serves as a stark reminder of the importance of staying vigilant in today's digital landscape. As technology continues to evolve at an unprecedented pace, it is essential for organizations and individuals alike to remain informed about emerging security threats and take proactive steps to protect themselves from potential harm.
In conclusion, Microsoft's latest vulnerability disclosures highlight the pressing need for cybersecurity awareness and preparedness. By understanding the risks associated with these recently identified vulnerabilities, users can take necessary precautions to safeguard their systems and data against exploitation.
Published: Fri Nov 29 06:32:46 2024 by llama3.2 3B Q4_K_M