CVE-2026-45480: Azure Active Directory Privilege Escalation

🔴 Critical | Source: Microsoft Security Response Center

A vulnerability in Azure Active Directory (CVE-2026-45480) allows an unauthenticated attacker to elevate their privileges over a network by exploiting improper authentication handling. This means an attacker without valid credentials could potentially gain elevated access to resources protected by Azure AD. Given how central Azure AD is to identity and access management across Microsoft cloud environments, the potential impact is significant.

Security Architect’s Take: Review Azure AD audit logs immediately for anomalous authentication events and ensure Conditional Access policies with strong MFA enforcement are in place; apply any Microsoft-issued patches or mitigations as a priority, and consider temporarily tightening network-level access to Azure AD endpoints where feasible. ...

18 June 2026 · ZX Cloud Security

CVE-2026-32174: Azure Bot Service Privilege Escalation

🟠 High | Source: Microsoft Security Response Center

A vulnerability in Azure Bot Service allows an already-authenticated attacker to elevate their privileges over a network, potentially gaining access beyond their intended permission level. The flaw stems from improper authentication handling within the service. This is significant because bot services often have integrations with sensitive backend systems, meaning privilege escalation could have a wide downstream impact.

Security Architect’s Take: Review service principals and managed identities associated with Azure Bot Service deployments and apply the principle of least privilege immediately. Monitor for any anomalous permission changes or unexpected API calls originating from bot service identities while awaiting or applying Microsoft’s patch. ...

18 June 2025 · ZX Cloud Security

CVE-2026-47645: M365 Copilot Privilege Escalation

🟠 High | Source: Microsoft Security Response Center

A vulnerability in Microsoft 365 Copilot’s Business Chat allows attackers to exploit an open redirect flaw, redirecting users to malicious sites without authentication. This can be leveraged to elevate privileges over a network, potentially enabling account takeover or credential theft. The risk is heightened given the widespread enterprise adoption of Microsoft 365 Copilot.

Security Architect’s Take: Review and restrict access to Microsoft 365 Copilot’s Business Chat where not business-critical, and ensure conditional access policies and phishing-resistant MFA are enforced. Monitor Microsoft’s update guidance and apply any available patches or mitigations promptly, particularly in environments where Copilot has broad data access. ...

18 June 2025 · ZX Cloud Security

CVE-2026-47647: Dynamics 365 Privilege Escalation

🟠 High | Source: Microsoft Security Response Center

A flaw in Microsoft Dynamics 365 allows an already-authenticated attacker to gain higher privileges than they should have, purely over the network — no physical access required. This means a low-privileged user or compromised account could be leveraged to access sensitive business data or administrative functions within Dynamics 365. Given how widely Dynamics 365 is used for CRM and ERP workflows, the potential business impact is significant. ...

18 June 2025 · ZX Cloud Security

CVE-2026-48582: Exchange Online Privilege Escalation

🟠 High | Source: Microsoft Security Response Center

A vulnerability in Microsoft Exchange Online allows an already-authenticated attacker to elevate their privileges beyond what they should have access to. Because Exchange Online is a widely used cloud email platform, a successful exploit could give an attacker significantly greater control over mailboxes, organisational data, or administrative functions. Microsoft has classified this as a network-exploitable issue, meaning no physical access is required.

Security Architect’s Take: Review audit logs in Exchange Online for any anomalous privilege changes or unexpected admin role assignments, and ensure least-privilege principles are enforced across all Exchange Online accounts. Monitor the MSRC advisory for patch availability or mitigations and prioritise remediation given the broad blast radius of a compromised email platform. ...

18 June 2025 · ZX Cloud Security

CVE-2026-48584: Azure Synapse Privilege Escalation

🟠 High | Source: Microsoft Security Response Center

A vulnerability in Microsoft Azure Synapse Analytics allows an authenticated attacker to elevate their privileges over a network by exploiting unnecessarily broad execution permissions within the service. This means a user with standard access could potentially gain higher-level control than intended, putting sensitive data workloads and analytics environments at risk. The attack requires no physical access and can be carried out remotely, increasing its practical threat level. ...

18 June 2025 · ZX Cloud Security

CVE-2026-35433: .NET Elevation of Privilege Flaw

🟠 High | Source: Microsoft Security Response Center

CVE-2026-35433 is an Elevation of Privilege vulnerability in .NET that allows an attacker to gain higher system permissions than intended. Microsoft has revised the advisory to clarify that Windows 11 versions 21H1 and 22H2 are no longer considered affected. Organisations running .NET on other impacted platforms should review their patch status promptly.

Security Architect’s Take: Audit your Azure-hosted workloads and CI/CD pipelines running .NET to confirm which runtime versions are deployed, and verify patched versions are in use. Remove Windows 11 21H1 and 22H2 from your affected-systems tracking if previously included. ...

17 June 2025 · ZX Cloud Security

CVE-2026-42828: Windows ProjFS Privilege Escalation

🟠 High | Source: Microsoft Security Response Center

CVE-2026-42828 is an elevation of privilege vulnerability in the Windows Projected File System (ProjFS), a component that allows applications to present virtual file system content. If exploited, an attacker could gain elevated privileges on an affected Windows system. This update is an acknowledgement addition only and contains no new technical or patch information.

Security Architect’s Take: No immediate action is required as this is a non-technical acknowledgement update with no change to patch status or severity. Ensure Windows systems in your Azure or hybrid environments have already applied the relevant cumulative updates addressing this CVE, and verify coverage through your patch management tooling. ...

17 June 2025 · ZX Cloud Security

CVE-2026-40371: Dynamics 365 On-Prem EoP Fix

🟠 High | Source: Microsoft Security Response Center

A privilege escalation vulnerability in Microsoft Dynamics 365 on-premises has been assigned CVE-2026-40371, allowing an attacker to gain elevated permissions within the application. Microsoft has corrected its remediation guidance: the fix is contained in Dynamics 365 Server v9.1 Update 1.45 (build 9.1.0045.0011), not the previously stated version 6.2. Organisations that applied the earlier guidance should verify they are running the correct build to ensure they are actually protected. ...

16 June 2025 · ZX Cloud Security

CVE-2026-50656: Microsoft Defender EoP Vulnerability

🟠 High | Source: Microsoft Security Response Center

A publicly disclosed elevation of privilege vulnerability, tracked as CVE-2026-50656 and nicknamed ‘RoguePlanet’, has been found in the Microsoft Malware Protection Engine within Microsoft Defender. An attacker exploiting this flaw could gain elevated system privileges on affected machines. Microsoft has acknowledged the issue but has not yet released a patch, meaning systems remain exposed whilst a fix is in development.

Security Architect’s Take: With no patch currently available, prioritise compensating controls: ensure Defender is configured with least-privilege service accounts, monitor for anomalous privilege escalation events via Microsoft Sentinel or your SIEM, and consider temporarily increasing alert sensitivity on endpoints running Microsoft Defender until the update is released. ...

16 June 2025 · ZX Cloud Security
