CVE-2026-42895: Microsoft Copilot Command Injection Flaw

🟠 High | Source: Microsoft Security Response Center

A command injection vulnerability in Microsoft Copilot allows an unauthenticated attacker to tamper with the service over a network, without requiring any user interaction or elevated privileges. The flaw stems from improper handling of special characters within commands, a class of vulnerability that can enable attackers to manipulate application behaviour or underlying systems. Given Copilot’s integration across Microsoft 365 and Azure services, the potential blast radius for affected organisations is significant. ...

18 June 2025 · ZX Cloud Security

CVE-2026-48584: Azure Synapse Privilege Escalation

🟠 High | Source: Microsoft Security Response Center

A vulnerability in Microsoft Azure Synapse Analytics allows an authenticated attacker to elevate their privileges over a network by exploiting unnecessarily broad execution permissions within the service. This means a user with standard access could potentially gain higher-level control than intended, putting sensitive data workloads and analytics environments at risk. The attack requires no physical access and can be carried out remotely, increasing its practical threat level. ...

18 June 2025 · ZX Cloud Security
