Medium

Analysis Summary

CVE-2024-30058 CVSS:5.4

Microsoft Edge (Chromium-based) could allow a remote attacker to conduct a spoofing attack. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct a spoofing attack.

CVE-2024-38083 CVSS:4.3

Microsoft Edge (Chromium-based) could allow a remote attacker to conduct a spoofing attack. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct a spoofing attack.

CVE-2024-30057 CVSS:5.4

Microsoft Edge for iOS could allow a remote attacker to conduct a spoofing attack. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct a spoofing attack.

CVE-2024-35253 CVSS:4.4

Microsoft Azure could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in File Sync. By using a specially crafted application, an attacker could exploit this vulnerability to perform specific operations on the endpoint targeted by the attacker.

CVE-2024-35263 CVSS:5.7

Microsoft Dynamics 365 (On-Premises) could allow a remote authenticated attacker to obtain sensitive information. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

• Gain Access
• Privilege Escalation
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2024-30058
• CVE-2024-38083
• CVE-2024-30057
• CVE-2024-35253
• CVE-2024-35263

Affected Vendors

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2024-30058

CVE-2024-38083

CVE-2024-30057

CVE-2024-35253

CVE-2024-35263