- 166/2026
- Critical
Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or execute arbitrary code on the affected systems.
Sample of the addressed vulnerabilities:
1. Azure HorizonDB Elevation of Privilege Vulnerability (CVE-2026-48567):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Privileges
2. Microsoft Exchange Online Information Disclosure Vulnerability (CVE-2026-48579):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
The affected products:
- Azure HorizonDB.
- Microsoft Graph.
- Microsoft Exchange Online.
- Copilot Chat (Microsoft Edge).
- Microsoft 365 Copilot.
- Microsoft SharePoint Server.
Vulnerabilities
- CVE-2026-48579
- CVE-2026-47655
- CVE-2026-47644
- CVE-2026-45497
- CVE-2026-42824
- CVE-2026-48567
- CVE-2026-47294
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.