Microsoft Patches Critical Security Flaws Across AI and Cloud Services
Microsoft has released patches for multiple security vulnerabilities affecting its key platforms, with one flaw already being actively exploited by attackers.
The most pressing issue, tracked as CVE-2024-49035, impacts partner.microsoft.com and allows unauthorized users to gain elevated system privileges. Microsoft confirmed this vulnerability is currently under active exploitation but has not shared specifics about the attacks.
Three additional security holes were also patched:
- A severe cross-site scripting bug in Copilot Studio that could enable privilege escalation
- An authentication bypass in Azure PolicyWatch that potentially grants unauthorized access
- A spoofing vulnerability in Dynamics 365 Sales that could redirect users to malicious websites
Most fixes are being deployed automatically through Microsoft's online services. However, users of Dynamics 365 Sales mobile apps need to manually update to version 3.24104.15 to protect against the spoofing vulnerability.
The patches address vulnerabilities across Microsoft's artificial intelligence tools, cloud infrastructure, and enterprise resource planning systems. Security researchers Gautam Peri, Apoorv Wadhwa, and an anonymous contributor discovered and reported these issues to Microsoft.
While the tech giant is rolling out fixes systematically, organizations using affected Microsoft services should verify their systems are properly updated to maintain security. The discovered flaws highlight ongoing challenges in securing complex cloud and AI platforms used by businesses worldwide.