Overview
Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
Microsoft Copilot Studio Family
Microsoft Copilot Studio
Microsoft Dynamics 365 Family
Dynamics CRM Service Portal Web Resource
Resolved Vulnerabilities
Two vulnerabilities with a Critical rating were found.
A vulnerability that could allow an attacker to bypass server-side request forgery (SSRF) protection in Microsoft Copilot Studio and exfiltrate sensitive information over the network (CVE-2024-38206)
A vulnerability in which improper neutralization of input during web page generation in Microsoft Dynamics 365 could allow an attacker to perform spoofing over a network by tricking a user into clicking a link (CVE-2024-38166)
Vulnerability Patches
Patches for these vulnerabilities have been made available in the latest updates. Please update to the latest patched versions by using the Windows Update feature for automatic installation or by following the instructions on the Referenced Sites [1][2].
Referenced Sites
[1] Microsoft Copilot Studio Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38206
[2] Microsoft Dynamics 365 Cross-site Scripting Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38166
Article Link: MS Family August 2024 Routine Security Update Advisory – ASEC