#microsoft

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

April is the third month in a row in which at least one of the vulnerabilities Microsoft released in a Patch Tuesday had been exploited in the wild prior to disclosure.

Azure admins are urged to disable shared key access and implement Azure Active Directory authentication.

A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, and

Your iPhone, iPad, and Mac now have a built-in password feature, complete with two-factor authentication.

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.

Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and in provisioning Azure Role Based Access Control as customers are responsible for configuring and managing applications, identity, and data.

**How do I check my Azure Machine Learning Compute Instance runtime version?** To determine your runtime version, make a GET compute rest API call for your compute instance, then check the response. You can find the runtime version from field \*versions.runtime. \* Please view additional details here: https://learn.microsoft.com/en-us/rest/api/azureml/2022-10-01/compute/get?tabs=HTTP **How do I update my Azure Machine Learning Compute Instance runtime version?** Please reference the guidance provided here: https://learn.microsoft.com/en-us/rest/api/azureml/2022-10-01/compute/update?tabs=HTTP

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.