
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild.

The vulnerability that has been tagged with an “Exploitation Detected” assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com.

“An improper access control vulnerability in partner.microsoft[.]com allows an unauthenticated attacker to elevate privileges over a network,” the tech giant said in an advisory released this week.

Microsoft credited Gautam Peri, Apoorv Wadhwa, and an anonymous researcher for reporting the flaw, but did not reveal any specifics on how it is being exploited in real-world attacks.


Fixes for the shortcomings are being rolled out automatically as part of updates to the online version of Microsoft Power Apps. Also addressed by Redmond are three other vulnerabilities, two of which are rated Critical and one is rated Important in severity:

  • CVE-2024-49038 (CVSS score: 9.3) – A cross-site scripting (XSS) vulnerability in Copilot Studio that could allow an unauthorized attacker to escalate privileges over a network
  • CVE-2024-49052 (CVSS score: 8.2) – A missing authentication for a critical function in Microsoft Azure PolicyWatch that could allow an unauthorized attacker to escalate privileges over a network
  • CVE-2024-49053 (CVSS score: 7.6) – A spoofing vulnerability in Microsoft Dynamics 365 Sales that could allow an authenticated attacker to trick a user into clicking on a specially crafted URL and potentially redirect the victim to a malicious site

While most of the vulnerabilities have already been fully mitigated and require no user action, it is advised to update Dynamics 365 Sales apps for Android and iOS to the latest version (3.24104.15) to secure against CVE-2024-49053.
