Windows Security

Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.View the full article

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.View the full article

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.View the full article

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.View the full article

Information published.View the full article

Table of Contents Introduction Why most enterprises have trouble scaling DAST Web endpoint discovery Automated OpenAPI Specification generation solutions that do scale (sort of) Authentication and authorization A scalable DAST solution Web endpoint discovery Authentication and authorization Authentication hook Authorization hook DAST orchestration platform architecture Conclusion and looking ahead Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations.View the full article

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4 Security Researcher Leaderboard are Suresh, VictorV, wkai! Check out the full list of researchers recognized this quarter here.View the full article

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025 ) for more information.View the full article

The following updates have been made: 1) Added Windows Software to the Security Updates table. Microsoft recommends updating to the latest version of their Windows operating system. 2) Added an FAQ to describe further actions customers need to take to be protected from this vulnerability.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article

Information published.View the full article