Security
Microsoft Windows security board.
4673 topics in this forum
-
- 0 replies
- 17 views
Information published.
Last reply by Windows Security, -
Information published.
Last reply by Windows Security, -
Information published.
Last reply by Windows Security, -
Information published.
Last reply by Windows Security, -
- 0 replies
- 21 views
Information published.
Last reply by Windows Security, -
- 0 replies
- 19 views
Introduction: In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange 2019. While we’re currently unaware of any active threat campaigns involving NTLM relaying attacks against Exchange, we have observed threat actors exploiting this vector in the past.
Last reply by Windows Security, -
- 0 replies
- 18 views
We are excited to introduce LLMail-Inject, a new challenge focused on evaluating state-of-the-art prompt injection defenses in a realistic simulated LLM-integrated email client. In this challenge, participants assume the role of an attacker who sends an email to a user. The user then queries the LLMail service with a question (e.
Last reply by Windows Security, -
Chromium: CVE-2024-12053 Type Confusion in V8
by Guest MSRC Security Update
- 0 replies
- 23 views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
-
- 0 replies
- 18 views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Last reply by Windows Security, -
Added acknowledgements. This is an informational change only.
Last reply by Windows Security, -
CVE-2024-49035 Partner.Microsoft.Com Elevation of Privilege Vulnerability
by Guest MSRC Security Update
- 0 replies
- 33 views
An improper access control vulnerability in [Partner.Microsoft.com](https://partner.microsoft.com/) allows an unauthenticated attacker to elevate privileges over a network.
-
CVE-2024-49038 Microsoft Copilot Studio Elevation Of Privilege Vulnerability
by Guest MSRC Security Update
- 0 replies
- 31 views
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
-
CVE-2024-49053 Microsoft Dynamics 365 Sales Spoofing Vulnerability
by Guest MSRC Security Update
- 0 replies
- 34 views
Information published.
-
CVE-2024-49052 Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability
by Guest MSRC Security Update
- 0 replies
- 24 views
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
-
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
Last reply by Windows Security, -
- 0 replies
- 24 views
Information published.
Last reply by Windows Security, -
- 0 replies
- 18 views
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
Last reply by Windows Security, -
- 0 replies
- 18 views
An improper access control vulnerability in [Partner.Microsoft.com](https://partner.microsoft.com/) allows an unauthenticated attacker to elevate privileges over a network.
Last reply by Windows Security, -
CVE-2024-49054 Microsoft Edge (Chromium-based) Spoofing Vulnerability
by Guest MSRC Security Update
- 0 replies
- 22 views
Updated CWE value. This is an informational change only.
-
This year at CYBERWARCON, Microsoft Threat Intelligence analysts are sharing research and insights representing years of threat actor tracking, infrastructure monitoring and disruption, and attacker tooling. North Korean threat landscape: The talk "DPRK – All grown up" will cover how the Democratic People’s Republic of Korea (DPRK) has successfully built computer network exploitation capability over the past 10 years and how threat actors have enabled North Korea to steal billions of dollars in cryptocurrency as well as target organizations associated with satellites and weapons system…
Last reply by Windows Security, -
- 0 replies
- 19 views
Updated CWE value. This is an informational change only.
Last reply by Windows Security, -
- 0 replies
- 17 views
Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively identify and mitigate potential issues before our customers are impacted.
Last reply by Windows Security, -
CVE-2024-49060 Azure Stack HCI Elevation of Privilege Vulnerability
by Guest MSRC Security Update
- 0 replies
- 28 views
Information published.
-
- 0 replies
- 20 views
Information published.
Last reply by Windows Security, -
Chromium: CVE-2024-11110 Inappropriate implementation in Blink
by Guest MSRC Security Update
- 0 replies
- 28 views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.