
[CIVN-2026-0306] Multiple Vulnerabilities in Microsoft Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Microsoft Graph
Microsoft Copilot
Microsoft 365 Copilot
Copilot Chat (Microsoft Edge)
Microsoft Cloud
Overview
Multiple vulnerabilities have been reported in Microsoft products and cloud services which could allow attackers to execute arbitrary code, disclose sensitive information, bypass security controls, elevate privileges, or compromise affected services.
Target Audience:
All organizations and individuals using affected Microsoft products and cloud services.
Risk Assessment:
High risk due to the potential for remote code execution, information disclosure, privilege escalation, unauthorized access, and compromise of cloud-based services.
Impact Assessment:
Data exposure, service compromise, unauthorized privilege escalation, remote code execution and compromise of affected services.
Description
These vulnerabilities exist in Microsoft products and cloud services due to improper authorization, command injection flaws, and insufficient neutralization of special elements used in commands.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, elevate privileges, disclose sensitive information, and compromise cloud-based services on the affected systems.
Solution
Apply appropriate updates as mentioned by the vendor:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48579
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47655
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47644
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45497
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42824
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48567
Vendor Information
Microsoft
https://www.microsoft.com/en-in/
CVE Name
CVE-2026-42824
CVE-2026-45497
CVE-2026-47655
CVE-2026-47644
CVE-2026-48567
CVE-2026-48579
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


