CVE-2024-49052: Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability

CVE-2024-49038: Microsoft Copilot Studio Elevation Of Privilege Vulnerability

CVE-2024-49035: Partner.Microsoft.Com Elevation of Privilege Vulnerability

CVE-2024-49053: Microsoft Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-11395: Chromium: CVE-2024-11395 Type Confusion in V8

**How could an attacker exploit the vulnerability?**

In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the remote code execution vulnerability.

In any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.

Headline

CVE-2023-36884: Windows Search Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News