Microsoft Addresses Critical Power Platform Flaw After Delays and Criticism

2023-08-05 07:38

Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform, but not before it came under criticism for its failure to swiftly act on it.

"The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platform custom connectors," the tech giant said.

"The potential impact could be unintended information disclosure if secrets or other sensitive information were embedded in the Custom Code function."

The company further noted that no customer action is required and that it found no evidence of active exploitation of the vulnerability in the wild.

Microsoft is said to have issued an initial fix on June 7, 2023, but it wasn't until August 2, 2023, that the vulnerability was completely plugged.

"Some can be completed and safely applied very quickly, others can take longer. In order to protect our customers from an exploit of an embargoed security vulnerability, we also start to monitor any reported security vulnerability of active exploitation and move swiftly if we see any active exploit."

News URL

https://thehackernews.com/2023/08/microsoft-addresses-critical-power.html

#critical #microsoft

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		365	49	1366	2822	162	4399