Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): microsoft
  • Search Type: Search All
There are 7,126 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2024-26188

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Published: February 23, 2024; 6:15:09 PM -0500
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-21423

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Published: February 23, 2024; 5:15:54 PM -0500
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-46241

`discourse-microsoft-auth` is a plugin that enables authentication via Microsoft. On sites with the `discourse-microsoft-auth` plugin enabled, an attacker can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any option other than `Accounts in this organizational directory only (O365 only - Single tenant)` are vulnerable. This vulnerability has been patched in commit c40665f44509724b64938c85def9fb2e79f62ec8 of `discourse-microsoft-auth`. A `microsoft_auth:revoke` rake task has also been added which will deactivate and log out all users that have connected their accounts to Microsoft. User API keys as well as API keys created by those users will also be revoked. The rake task will also remove the connection records to Microsoft for those users. This will allow affected users to re-verify their account emails as well as reconnect their Discourse account to Microsoft for authentication. As a workaround, disable the `discourse-microsoft-auth` plugin by setting the `microsoft_auth_enabled` site setting to `false`. Run the `microsoft_auth:log_out_users` rake task to log out all users with associated Microsoft accounts.

Published: February 21, 2024; 11:15:49 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-25618

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: February 14, 2024; 4:15:08 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
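The Discourse (CVE-2023-46241) and Mastodon (CVE-2024-25618) records above describe the same flaw in two codebases: the application takes an identity from an external provider and attaches it to an existing local account on the strength of the e-mail claim alone, and in the Discourse case also accepts tokens from any tenant rather than the single tenant the site meant to trust. The following is an added example, not code from Discourse, Mastodon or either CVE record. It models that linking step in Python with the vulnerable pattern beside a hardened one. The issuer URLs, tenant names, subject identifiers, e-mail addresses and claim sets are all constructed sample data; `TRUSTED_ISSUERS` stands in for whatever single-tenant configuration a real deployment would use.

```python
"""
Added example (not Discourse, Mastodon or CVE code): account linking from
external-provider claims, vulnerable form beside hardened form.
All issuers, tenants, subjects and e-mail addresses are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    email: str
    # (issuer, subject) pairs already bound to this local account
    identities: set = field(default_factory=set)


class Directory:
    """Minimal in-memory user store standing in for the application's DB."""

    def __init__(self, users):
        self.users = {u.id: u for u in users}

    def by_email(self, email):
        return next((u for u in self.users.values()
                     if u.email.lower() == email.lower()), None)

    def by_identity(self, iss, sub):
        return next((u for u in self.users.values()
                     if (iss, sub) in u.identities), None)

    def create(self, email, iss, sub):
        u = User(id=max(self.users, default=0) + 1, email=email,
                 identities={(iss, sub)})
        self.users[u.id] = u
        return u


# Hypothetical: the one tenant this site intended to trust ("single tenant").
TRUSTED_ISSUERS = {"https://login.example-idp.test/tenant-A/v2.0"}

# Constructed claim sets. The victim owns local account id 1 and has never
# linked a provider. The attacker controls an account in a different tenant
# (multi-tenant misconfiguration) and an account in the trusted tenant whose
# e-mail was changed without verification (the Mastodon scenario).
VICTIM_CLAIMS = {"iss": "https://login.example-idp.test/tenant-A/v2.0",
                 "sub": "victim-sub", "email": "victim@example.org",
                 "email_verified": True}
ATTACKER_OTHER_TENANT = {"iss": "https://login.example-idp.test/tenant-B/v2.0",
                         "sub": "attacker-sub", "email": "victim@example.org",
                         "email_verified": True}
ATTACKER_UNVERIFIED_EMAIL = {"iss": "https://login.example-idp.test/tenant-A/v2.0",
                             "sub": "attacker-sub-2", "email": "victim@example.org",
                             "email_verified": False}
NEW_USER_CLAIMS = {"iss": "https://login.example-idp.test/tenant-A/v2.0",
                   "sub": "new-sub", "email": "newcomer@example.org",
                   "email_verified": True}


def fresh_directory():
    """Victim has a password account and has not linked any provider yet."""
    return Directory([User(id=1, email="victim@example.org")])


def login_vulnerable(directory, claims):
    """Pattern both CVEs describe: any issuer accepted, first-time login
    matched to an existing account by e-mail alone, then bound for good."""
    user = directory.by_identity(claims["iss"], claims["sub"])
    if user is None:
        user = directory.by_email(claims["email"])  # the takeover step
    if user is None:
        user = directory.create(claims["email"], claims["iss"], claims["sub"])
    user.identities.add((claims["iss"], claims["sub"]))
    return user


def login_hardened(directory, claims):
    """Issuer allowlist, stable (iss, sub) binding, verified e-mail required,
    and no silent attachment to an account that exists but is not linked."""
    if claims.get("iss") not in TRUSTED_ISSUERS:
        raise PermissionError("token issued by an untrusted tenant/issuer")
    user = directory.by_identity(claims["iss"], claims["sub"])
    if user is not None:
        return user  # returning user: this subject is already bound
    if claims.get("email_verified") is not True:
        raise PermissionError("provider did not assert a verified e-mail")
    if directory.by_email(claims["email"]) is not None:
        # Account exists but this identity was never linked. Do not attach it
        # automatically; the owner must link from an authenticated session
        # or re-prove control of the mailbox.
        raise PermissionError("existing account; explicit linking required")
    return directory.create(claims["email"], claims["iss"], claims["sub"])


def takeover_possible(login_fn, claims):
    """True if logging in with `claims` lands in the victim's account (id 1)."""
    try:
        return login_fn(fresh_directory(), claims).id == 1
    except PermissionError:
        return False


if __name__ == "__main__":
    for name, claims in [("other tenant", ATTACKER_OTHER_TENANT),
                         ("unverified e-mail", ATTACKER_UNVERIFIED_EMAIL)]:
        print(f"{name}: vulnerable={takeover_possible(login_vulnerable, claims)}"
              f" hardened={takeover_possible(login_hardened, claims)}")
```

The hardened path deliberately refuses the victim's own first external login too: an account that exists but has never linked this identity must be linked from an authenticated session rather than on the strength of a matching address, which is also why the Discourse fix ships a rake task that drops existing connection records and makes affected users re-verify.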
CVE-2024-21420

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Published: February 13, 2024; 1:16:00 PM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-21413

Microsoft Outlook Remote Code Execution Vulnerability

Published: February 13, 2024; 1:16:00 PM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-21410

Microsoft Exchange Server Elevation of Privilege Vulnerability

Published: February 13, 2024; 1:15:59 PM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-21405

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Published: February 13, 2024; 1:15:59 PM -0500
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2024-21403

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Published: February 13, 2024; 1:15:58 PM -0500
V4.0:(not available)
V3.1: 9.0 CRITICAL
V2.0:(not available)
CVE-2024-21402

Microsoft Outlook Elevation of Privilege Vulnerability

Published: February 13, 2024; 1:15:58 PM -0500
V4.0:(not available)
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2024-21401

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

Published: February 13, 2024; 1:15:58 PM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-21397

Microsoft Azure File Sync Elevation of Privilege Vulnerability

Published: February 13, 2024; 1:15:58 PM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2024-21395

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Published: February 13, 2024; 1:15:57 PM -0500
V4.0:(not available)
V3.1: 8.2 HIGH
V2.0:(not available)
CVE-2024-21393

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Published: February 13, 2024; 1:15:57 PM -0500
V4.0:(not available)
V3.1: 7.6 HIGH
V2.0:(not available)
CVE-2024-21391

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Published: February 13, 2024; 1:15:57 PM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-21389

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Published: February 13, 2024; 1:15:56 PM -0500
V4.0:(not available)
V3.1: 7.6 HIGH
V2.0:(not available)
CVE-2024-21384

Microsoft Office OneNote Remote Code Execution Vulnerability

Published: February 13, 2024; 1:15:56 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-21381

Microsoft Azure Active Directory B2C Spoofing Vulnerability

Published: February 13, 2024; 1:15:56 PM -0500
V4.0:(not available)
V3.1: 6.8 MEDIUM
V2.0:(not available)
CVE-2024-21380

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

Published: February 13, 2024; 1:15:56 PM -0500
V4.0:(not available)
V3.1: 8.0 HIGH
V2.0:(not available)
CVE-2024-21379

Microsoft Word Remote Code Execution Vulnerability

Published: February 13, 2024; 1:15:55 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)