Security News > 2024 > November > Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
2024-11-29 09:34
Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An
News URL
https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html
Related news
- CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks (source)
- AI agents swarm Microsoft Security Copilot (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Balancing cloud security with performance and availability (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-26 | CVE-2024-49035 | Unspecified vulnerability in Microsoft Partner Center An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. | 9.8 |