Get All Access for $5/mo

Microsoft Patches Critical Security Flaws, Including One Actively Exploited The company credited researchers Gautam Peri, Apoorv Wadhwa, and an anonymous contributor for reporting the issue

By Entrepreneur Staff

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Freepik

Microsoft has addressed four major security vulnerabilities affecting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center services. One of the vulnerabilities, identified as CVE-2024-49035 and carrying a severity score of 8.7, has already been exploited in the wild. This privilege escalation flaw in Microsoft's Partner Center platform allows attackers to gain unauthorized elevated access over a network. The company credited researchers Gautam Peri, Apoorv Wadhwa, and an anonymous contributor for reporting the issue but has not disclosed details of its real-world exploitation. Fixes for this vulnerability are being applied automatically.

In addition to CVE-2024-49035, Microsoft has resolved three other vulnerabilities. Two are classified as critical: CVE-2024-49038, a cross-site scripting (XSS) flaw in Copilot Studio with a severity score of 9.3, and CVE-2024-49052, a missing authentication issue in Microsoft Azure PolicyWatch rated at 8.2. Both could allow attackers to escalate privileges over a network. The third, CVE-2024-49053, is a spoofing vulnerability in Dynamics 365 Sales, with a score of 7.6. This flaw could enable attackers to redirect users to malicious websites via specially crafted URLs.

While most of these vulnerabilities have been automatically mitigated, Microsoft advises users of Dynamics 365 Sales apps on Android and iOS to update to version 3.24104.15 to protect against CVE-2024-49053. The company continues to roll out updates to safeguard its platforms, urging users to remain vigilant and apply recommended patches to maintain security.


Entrepreneur Staff

Entrepreneur Staff

Editor

For more than 30 years, Entrepreneur has set the course for success for millions of entrepreneurs and small business owners. We'll teach you the secrets of the winners and give you exactly what you need to lay the groundwork for success.
News and Trends

Noida International Airport Partners with Mahindra Logistics for Premium All-Electric Taxi Service

Passengers will have the flexibility to book rides through multiple platforms, including a dedicated mobile app, the NIA website, call centers, airport kiosks, and airline alliances. This multi-channel approach ensures 24/7 accessibility, catering to the diverse needs of travelers.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

News and Trends

Lightspeed Leads USD 40 Mn Series B Funding for SolarSquare

The company plans to use the fresh funding to expand its footprint to 50 cities, enhance its technology, hire talent, and strengthen its brand presence.

News and Trends

growX Ventures Launches Fund II with a Target Corpus of INR 400 Cr

Fund II aims to target early-stage and growth-stage investments, backing 20–24 startups in deeptech sectors. It plans to deploy INR 10 crore in seed and INR 20–30 crore in Series B rounds.

Business News

These Companies Offer the Best Work-Life Balance, According to Employees

The ranking is based on Glassdoor ratings and reviews.

News and Trends

K12 Techno Services Secures USD 40 Mn in Funding from Kenro Capital

The Bengaluru-based firm aims to expand aggressively, with plans to open 8–12 Orchids schools annually and onboard 100–150 schools under the Eduvate umbrella each year.