MS Family August 2024 Routine Security Update Advisory

Overview

 

Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has been made. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Microsoft Copilot Studio Family

Microsoft Copilot Studio

 

Microsoft Dynamics 365 Family

Dynamics CRM Service Portal Web Resource

 

 

Resolved Vulnerabilities

Two vulnerabilities with a Critical rating were found.

 

Vulnerability that could allow an attacker to bypass server-side request forgery (SSRF) protection in Microsoft Copilot Studio and exfiltrate sensitive information over the network (CVE-2024-38206)

A vulnerability that could allow an attacker to spoof the network by improperly neutralizing input during web page generation in Microsoft Dynamics 365 to trick a user into clicking a link (CVE-2024-38166)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please update to the latest vulnerability patch versions by using the Windows Update feature for automatic installation or by following the instructions on the Referenced Sites[1][2].

 

Referenced Sites

 

[1] Microsoft Copilot Studio Information Disclosure Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38206

[2] Microsoft Dynamics 365 Cross-site Scripting Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38166

Article Link: MS Family August 2024 Routine Security Update Advisory – ASEC