Microsoft patch provides a critical look at reality

On By Pranco

Microsoft worked four security measures during the Night of the Mittwoch. This treatment includes critical changes for the Microsoft Entwickler Updates preparations. Some useful and useful installations, others how Microsoft on Cloud services itself appears.

Anzeige


Eine critical security problem concerns Microsoft’s Copilot Studio. If you are concerned about your rights (CVE-2024-49038, CVSS 9.3Risk “critical“). It is a raw filtering of the website, Microsoft ordnet that works with Cross-Site-Scripting. No authorization from the Netz network can exclude your rights. You cannot have major problems with correcting this problem.

Eine Lücke wurde bereits misbraucht

A Schwachstelle in “partner.microsoft.com”-Angebot would missbraucht, erklärt Microsoft in Schwachstelleneintrag. Angreifer from the Netz could be further authenticated if they are correct, so that the correct results are not correct (CVE-2024-49035, CVSS 8.7, hoch). The issue has been resolved in the online version of Microsoft Power Apps. Abweichend von der CVSS-Einstufung ordnet Microsoft die Lücke als critic. You can no longer read here, Microsoft has resolved the problem.

In Microsoft Azure Policy Watch You can respond on the Internet to an authorization in your right, if you no longer have a critical function of an authentifizierung schlicht fehlte (CVE-2024-49052, CVSS 8.2, hoch). Here you will find Microsoft’s findings on the risks that are critical. If you don’t remember how it works, there are servers used by Microsoft.

The fourth Security Lucke concerns Microsoft’s Business Software Dynamics 365 Sales. Angreifer can miss a Spoofing-Lücke miss. Frequently asked questions Security reporting from Microsoft erklärt, the authentication of the offered link manipulation is a way to create a great web page. The happiness is on the web server, it is possible to write in the browser of the browser, on the machine – the installation is carried out if you use a filter of nutzereingaben on the website to miss cross-site scripting (CVE-2024 -49053, CVSS 7.6, hoch). Those apps Dynamics 365 Sales for iOS and Dynamics 365 Sales for Android since ab Version 3.24104.15 is no longer available; There are many offers in the stores of jewelry smartphone phone systems that can perform such activation.

The regular Patchday takes place on the Night of November 13, the next one on the Night of December 11. The security updates that Microsoft offends when it is so urgent to start are causing the regular time plans to be changed and eased.


(dmk)