One vulnerability is already being actively exploited.
Microsoft fixed four security flaws impacting its artificial intelligence, cloud, enterprise resource planning, and Partner Center offerings.
One vulnerability - CVE-2024-49035 - has been tagged with an "Exploitation Detected" assessment, and is a privilege escalation flaw in partner.microsoft[.]com. This would allow an unauthenticated attacker to elevate privileges over a network.
According to the Hacker News, while most of the vulnerabilities have already been fully mitigated and require no user action, it's advised to update Dynamics 365 Sales apps for Android and iOS to the latest version (3.24104.15) to secure against CVE-2024-49053.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
