Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.12.1 Latest
Buy Hosting
  1. Home
  2. Uncategorized
  3. Microsoft: "we had one #PatchTuesday yes, but what about second Patch Tuesday?"

Microsoft: "we had one #PatchTuesday yes, but what about second Patch Tuesday?"

Scheduled Pinned Locked Moved Uncategorized
patchtuesdaymicrosoftvulnerabilitycveinfosec
2 Posts 1 Posters 14 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • screaminggoat@infosec.exchangeS This user is from outside of this forum
    screaminggoat@infosec.exchangeS This user is from outside of this forum
    Not Simon 🐐
    wrote last edited by
    #1

    Microsoft: "we had one #PatchTuesday yes, but what about second Patch Tuesday?"

    • CVE-2024-49053 (7.6 high) Microsoft Dynamics 365 Sales Spoofing Vulnerability
    • CVE-2024-49035 (8.7 high) Partner.Microsoft.Com Elevation of Privilege Vulnerability (EXPLOITATION DETECTED 🚩)
    • CVE-2024-49038 (9.3 critical) Microsoft Copilot Studio Elevation Of Privilege Vulnerability
    • CVE-2024-49052 (8.2 high) Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability

    Only CVE-2024-49053 has any substantial information in their FAQ section. CVE-2024-49035 is "not exploited" but "exploitation detected" 🤔 (analyst comment: likely a gaffe). The rest are Not Exploited, Not Publicly Disclosed, and Exploitation Less Likely.

    #microsoft #vulnerability #CVE #infosec #cybersecurity #copilot #dynamics365 #azure

    screaminggoat@infosec.exchangeS 1 Reply Last reply
    0
    • screaminggoat@infosec.exchangeS This user is from outside of this forum
      screaminggoat@infosec.exchangeS This user is from outside of this forum
      Not Simon 🐐
      replied to Not Simon 🐐 last edited by
      #2

      Microsoft updated CVE-2024-49035 (8.7 high) Partner.Microsoft.Com Elevation of Privilege Vulnerability to an EXPLOITED ZERO-DAY! 🥳😂👌 Happy Thanksgiving 🦃 @cR0w! @t0db @ntkramer @dreadpir8robots @briankrebs @campuscodi

      Microsoft messed up again and had to correct their advisory. They had an "Exploitation Detected" flag but not an "Exploited" flag when this CVE was first announced.

      Now I know that Eduard Kovacs reads my toots 👀. See Security Week article Microsoft Patches Exploited Vulnerability in Partner Network Website

      #microsoft #vulnerability #CVE #infosec #cybersecurity #copilot #dynamics365 #azure #zeroday #eitw #activeexploitation #CVE_2024_49035

      1 Reply Last reply
      1
      0

      Copyright © 2024 NodeBB | Contributors
      • Login
      • Don't have an account? Register
      • Login or register to search.
      Powered by NodeBB Contributors
      • First post
        Last post
      0
      • Home
      • Categories
      • Recent
      • Popular
      • World
      • Top
      • Tags
      • Users
      • Groups
      • Documentation
        • Home
        • Read API
        • Write API
        • Plugin Development