A vulnerability in Azure Active Directory (CVE-2026-45480) allows an unauthenticated attacker to elevate their privileges over a network by exploiting improper authentication handling. This means an attacker without valid credentials could potentially gain elevated access to resources protected by Azure AD. Given how central Azure AD is to identity and access management across Microsoft cloud environments, the potential impact is significant.

Security Architect’s Take: Review Azure AD audit logs immediately for anomalous authentication events and ensure Conditional Access policies with strong MFA enforcement are in place; apply any Microsoft-issued patches or mitigations as a priority, and consider temporarily tightening network-level access to Azure AD endpoints where feasible.

Original advisory: CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

A vulnerability in Azure Bot Service allows an already-authenticated attacker to elevate their privileges over a network, potentially gaining access beyond their intended permission level. The flaw stems from improper authentication handling within the service. This is significant because bot services often have integrations with sensitive backend systems, meaning privilege escalation could have a wide downstream impact.

Security Architect’s Take: Review service principals and managed identities associated with Azure Bot Service deployments and apply the principle of least privilege immediately. Monitor for any anomalous permission changes or unexpected API calls originating from bot service identities while awaiting or applying Microsoft’s patch.

Original advisory: CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability

A vulnerability in Microsoft 365 Copilot’s Business Chat allows attackers to exploit an open redirect flaw, redirecting users to malicious sites without authentication. This can be leveraged to elevate privileges over a network, potentially enabling account takeover or credential theft. The risk is heightened given the widespread enterprise adoption of Microsoft 365 Copilot.

Security Architect’s Take: Review and restrict access to Microsoft 365 Copilot’s Business Chat where not business-critical, and ensure conditional access policies and phishing-resistant MFA are enforced. Monitor Microsoft’s update guidance and apply any available patches or mitigations promptly, particularly in environments where Copilot has broad data access.

Original advisory: CVE-2026-47645 Microsoft 365 Copilot’s Business Chat Elevation of Privilege Vulnerability

A flaw in Microsoft Dynamics 365 allows an already-authenticated attacker to gain higher privileges than they should have, purely over the network — no physical access required. This means a low-privileged user or compromised account could be leveraged to access sensitive business data or administrative functions within Dynamics 365. Given how widely Dynamics 365 is used for CRM and ERP workflows, the potential business impact is significant.

Security Architect’s Take: Audit current Dynamics 365 role assignments and apply the least-privilege principle immediately — remove any unnecessary elevated roles whilst Microsoft’s patch is applied. Prioritise patching for tenants where Dynamics 365 is integrated with other Azure services or holds sensitive customer and financial data.

Original advisory: CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability

A vulnerability in Microsoft Exchange Online allows an already-authenticated attacker to elevate their privileges beyond what they should have access to. Because Exchange Online is a widely used cloud email platform, a successful exploit could give an attacker significantly greater control over mailboxes, organisational data, or administrative functions. Microsoft has classified this as a network-exploitable issue, meaning no physical access is required.

Security Architect’s Take: Review audit logs in Exchange Online for any anomalous privilege changes or unexpected admin role assignments, and ensure least-privilege principles are enforced across all Exchange Online accounts. Monitor the MSRC advisory for patch availability or mitigations and prioritise remediation given the broad blast radius of a compromised email platform.

Original advisory: CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability

A vulnerability in Microsoft Azure Synapse Analytics allows an authenticated attacker to elevate their privileges over a network by exploiting unnecessarily broad execution permissions within the service. This means a user with standard access could potentially gain higher-level control than intended, putting sensitive data workloads and analytics environments at risk. The attack requires no physical access and can be carried out remotely, increasing its practical threat level.

Security Architect’s Take: Review and restrict role assignments within Azure Synapse workspaces immediately, applying least-privilege principles to all identities — managed identities, service principals, and user accounts alike. Monitor Microsoft’s patch guidance and apply any available fixes promptly; in the interim, audit network access controls to limit who can interact with Synapse endpoints.

Original advisory: CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability

CVE-2026-35433 is an Elevation of Privilege vulnerability in .NET that allows an attacker to gain higher system permissions than intended. Microsoft has revised the advisory to clarify that Windows 11 versions 21H1 and 22H2 are no longer considered affected. Organisations running .NET on other impacted platforms should review their patch status promptly.

Security Architect’s Take: Audit your Azure-hosted workloads and CI/CD pipelines running .NET to confirm which runtime versions are deployed, and verify patched versions are in use. Remove Windows 11 21H1 and 22H2 from your affected-systems tracking if previously included.

Original advisory: CVE-2026-35433 .NET Elevation of Privilege Vulnerability

CVE-2026-42828 is an elevation of privilege vulnerability in the Windows Projected File System (ProjFS), a component that allows applications to present virtual file system content. If exploited, an attacker could gain elevated privileges on an affected Windows system. This update is an acknowledgement addition only and contains no new technical or patch information.

Security Architect’s Take: No immediate action is required as this is a non-technical acknowledgement update with no change to patch status or severity. Ensure Windows systems in your Azure or hybrid environments have already applied the relevant cumulative updates addressing this CVE, and verify coverage through your patch management tooling.

Original advisory: CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability

A privilege escalation vulnerability in Microsoft Dynamics 365 on-premises has been assigned CVE-2026-40371, allowing an attacker to gain elevated permissions within the application. Microsoft has corrected its remediation guidance: the fix is contained in Dynamics 365 Server v9.1 Update 1.45 (build 9.1.0045.0011), not the previously stated version 6.2. Organisations that applied the earlier guidance should verify they are running the correct build to ensure they are actually protected.

Security Architect’s Take: Audit your Dynamics 365 on-premises deployments immediately and confirm the installed build is 9.1.0045.0011 or later — do not assume earlier patching attempts were sufficient given the corrected version guidance. If you manage hybrid environments where on-premises Dynamics 365 integrates with Azure services, treat unpatched instances as a potential lateral movement risk and prioritise the update accordingly.

Original advisory: CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability

A publicly disclosed elevation of privilege vulnerability, tracked as CVE-2026-50656 and nicknamed ‘RoguePlanet’, has been found in the Microsoft Malware Protection Engine within Microsoft Defender. An attacker exploiting this flaw could gain elevated system privileges on affected machines. Microsoft has acknowledged the issue but has not yet released a patch, meaning systems remain exposed whilst a fix is in development.

Security Architect’s Take: With no patch currently available, prioritise compensating controls: ensure Defender is configured with least-privilege service accounts, monitor for anomalous privilege escalation events via Microsoft Sentinel or your SIEM, and consider temporarily increasing alert sensitivity on endpoints running Microsoft Defender until the update is released.

Original advisory: CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability