Microsoft | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account	Information Disclosure Privilege Escalation	Microsoft	Joosua Santasalo (@SantasaloJoosua)
XSLeaking with my best bud SOP	Information Disclosure	Microsoft	Ha Anh Hoang
Abusing Azure Hybrid Workers for Privilege Escalation – Part 2: An Azure PrivSec Story	Privilege Escalation	Microsoft	Josh Magri (@Passthehashbrwn)
Inside the Black Box \| How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities	DoS Memory Corruption	Microsoft	Kasif Dekel (@Kasifdekel) Ronen Shustin (@Ronenshh)
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)	Local Privilege Escalation	Microsoft	Jacob Baines (@Junior_Baines)
MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022	Broken Authorization	Microsoft	Joosua Santasalo (@SantasaloJoosua) Kim Jämiä (@KimJamia)
Azure Active Directory Exposes Internal Information	Information Disclosure	Microsoft	Secureworks Counter Threat Unit (@Secureworks)
Debugging the undebuggable and finding a CVE in Microsoft Defender for Endpoint	Endpoint Spoofing	Microsoft	Gijs Hollestelle
Pwning Microsoft Azure Defender for IoT \| Multiple Flaws Allow Remote Code Execution for All	RCE Memory Corruption SQL Injection	Microsoft	Kasif Dekel (@Kasifdekel) Ronen Shustin (@Ronenshh)
Targeting Visual Studio Code for macOS: File Discovery and a TCC bypass (kinda)	Local Privilege Escalation TCC Bypass MacOS	Apple Microsoft	Alfie Champion (@Ajpc500)
CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera	Browser Hacking	Google Microsoft Opera	Maciej Pulikowski (@Pulik_io)
Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendors	IDOR	Microsoft	Meareg
Git honours embedded bare repos, and exploitation via core.fsmonitor in a directory's .git/config affects IDEs, shell prompts and Git pillagers	RCE	GitHub Microsoft JetBrains	Justin Steven (@Justinsteven)
Securing Developer Tools: Git Integrations	Local Privilege Escalation	Microsoft JetBrains GitHub	Sonar (@SonarSource)
SSD Advisory – Exchange Server GetWacInfo Information Disclosure Vulnerability	XXE Information Disclosure	Microsoft	Alex Birnberg (@Alexbirnberg)
I have Found Microsoft Subdomain Website database list, database username, password	Information Disclosure	Microsoft	Bot Ami (@Botami143)
Escalating from Logic App Contributor to Root Owner in Azure	Privilege Escalation	Microsoft	Josh Magri (@Passthehashbrwn)
AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service	Cross-Tenant Vulnerability Account Takeover	Microsoft	Yanir Tsarimi (@Yanir_)
Skype extension: All functionality broken? Still exploitable!	Information Disclosure Privacy Issue	Microsoft	Wladimir Palant (@WPalant)
Microsoft Team’s Unpatched URL Spoofing Vulnerability	URL Spoofing	Microsoft	Priyank Raval
How Docker Made Me More Capable and the Host Less Secure	Local Privilege Escalation	Microsoft	Alon Zahavi (@Alon_Z4)
SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-21999)	Local Privilege Escalation	Microsoft	Olivier Lyak (@Ly4k_)
Microsoft OneDrive For Macos Local Privilege Escalation	Local Privilege Escalation MacOS	Microsoft	Offensive Security (@Offsectraining)
CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability	URL Validation Bypass	Microsoft	Reegun Jayapaul (@Reegun21)
First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsoft	XSS	Microsoft	Aidil Arief

Page 6 of 13