Browsing Tag
Summary
25 posts
Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD
Summary Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by…
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
Summary Summary Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that…
Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process
Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating…
Microsoft resolves four SSRF vulnerabilities in Azure cloud services
Summary Microsoft recently fixed a set of Server-Side Request Forgery (SSRF) vulnerabilities in four Azure services (Azure API…
Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
Summary Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October…
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB
Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview)…
Investigation Regarding Misconfigured Microsoft Storage Location
Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration…
Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk
Summary Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829), that under limited circumstances, affects…
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
Summary Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first…
Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance
Summary Today, Microsoft released a new version of the Azure Key Vault Software Development Kit (SDK) and Azure…