#microsoft

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

**How could an attacker exploit this vulnerability?** An authenticated user could send a specially crafted SQL request to a Dynamics GP Web Service and perform remote code execution.

**How could an attacker exploit this vulnerability?** An attacker could send a specially crafted request to a vulnerable Dynamics site and overwrite database contents.

**The CVSS Score says user action is required. What type of user action is required?** An authenticated user would have to visit a specific URL that will create an action for a workflow.

**What actions do I need to take to be protected from this vulnerability?** The main update will be automatically pushed to all affected products and services. We recommend that customers update PowerBI Client JS SDK to version 2.19.1. The package can be downloaded from NPM or NuGet Gallery. **How do I know if I am affected?** Our team will contact customers that are affected by this vulnerability. We recommend that affected customers save their Power Apps to ensure the fix takes effect as expected.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** Exploitation of the vulnerability requires that a target be lured to and make use of a specially crafted functionality on a SharePoint page created by the attacker. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to use the intended functionality.

**How do I get the update for Microsoft Teams for iOS?** 1. Tap the **Settings** icon 2. Tap the\*\* iTunes & App Store\*\* 3. Turn on AUTOMATIC DOWNLOADS for Apps **Alternatively** 1. Tap the\*\* App Store\*\* icon 2. Scroll down to find Microsoft Teams 3. Tap the **Update** button

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.