One vulnerability is already being actively exploited.
Microsoft fixed four security flaws impacting its artificial intelligence, cloud, enterprise resource planning, and Partner Center offerings.
One vulnerability - CVE-2024-49035 - has been tagged with an "Exploitation Detected" assessment, and is a privilege escalation flaw in partner.microsoft[.]com. This would allow an unauthenticated attacker to elevate privileges over a network.
According to the Hacker News, while most of the vulnerabilities have already been fully mitigated and require no user action, it's advised to update Dynamics 365 Sales apps for Android and iOS to the latest version (3.24104.15) to secure against CVE-2024-49053.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
