Microsoft Security Response Center Blog Alerts

CVE-2023-44487 MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack

Posted on Tuesday December 10, 2024

To comprehensively address CVE-2023-44487, Microsoft released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

 

Chromium: CVE-2024-12053 Type Confusion in V8

Posted on Friday December 06, 2024

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

 

CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Posted on Monday December 02, 2024

Added acknowledgements. This is an informational change only.

 

CVE-2024-49035 Partner.Microsoft.Com Elevation of Privilege Vulnerability

Posted on Tuesday November 26, 2024

An improper access control vulnerability in [Partner.Microsoft.com](https://partner.microsoft.com/) allows an a unauthenticated attacker to elevate privileges over a network.

 

CVE-2024-49038 Microsoft Copilot Studio Elevation Of Privilege Vulnerability

Posted on Tuesday November 26, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.

 

CVE-2024-49053 Microsoft Dynamics 365 Sales Spoofing Vulnerability

Posted on Tuesday November 26, 2024

Information published.

 

Page:   1...676869707172737475...120

Celebrating 35+ Years

Managed Internet Connections

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016