#microsoft

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** Exploitation of the vulnerability requires that a target be lured to and make use of a specially crafted functionality on a SharePoint page created by the attacker. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to use the intended functionality.

**How do I get the update for Microsoft Teams for iOS?** 1. Tap the **Settings** icon 2. Tap the\*\* iTunes & App Store\*\* 3. Turn on AUTOMATIC DOWNLOADS for Apps **Alternatively** 1. Tap the\*\* App Store\*\* icon 2. Scroll down to find Microsoft Teams 3. Tap the **Update** button

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.

**If I'm running SQL Server 2019 on premise, am I vulnerable to this CVE?** This vulnerability only exists in the containerized version of SQL Server 2019 for Linux. If you are running that version, Microsoft recommends applying the update.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

**What privileges are required to exploit this vulnerability?** The attacker needs read access to the target site within SharePoint.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**Are the updates for the Microsoft Dynamics 365 (on-premises) versions listed in this vulnerability currently available?** The security update for Microsoft Dynamics 365 (on-premises) version 8.2 and Microsoft Dynamics 365 (on-premises) version 9.1 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.