Vulnerability-Lookup

CVE-2026-45650 (GCVE-0-2026-45650)

Vulnerability from cvelistv5 – Published: 2026-06-09 17:04 – Updated: 2026-06-09 21:50

Title

Microsoft Bing Search Spoofing Vulnerability

Summary

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CWE

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
Microsoft	Microsoft Bing Search for Android	Affected: 1.0.0 , < 33.3 (custom)

Date Public

2026-06-09 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Microsoft Bing Search for Android",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "33.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:bing:*:*:*:*:*:android:*:*",
                  "versionEndExcluding": "33.3",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-06-09T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-451",
              "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T21:50:10.760Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Bing Search Spoofing Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650"
        }
      ],
      "title": "Microsoft Bing Search Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-45650",
    "datePublished": "2026-06-09T17:04:55.021Z",
    "dateReserved": "2026-05-12T20:33:35.157Z",
    "dateUpdated": "2026-06-09T21:50:10.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-45650\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-06-09T17:17:32.160\",\"lastModified\":\"2026-06-09T19:32:51.440\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-451\"}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650\",\"source\":\"secure@microsoft.com\"}]}}"
  }
}

FKIE_CVE-2026-45650

Vulnerability from fkie_nvd - Published: 2026-06-09 17:17 - Updated: 2026-06-09 19:32

Severity

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network."
    }
  ],
  "id": "CVE-2026-45650",
  "lastModified": "2026-06-09T19:32:51.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-06-09T17:17:32.160",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-451"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    }
  ]
}

GHSA-XF2J-6378-CHGC

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30

Details

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

Severity

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-45650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-451"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:32Z",
    "severity": "MODERATE"
  },
  "details": "User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.",
  "id": "GHSA-xf2j-6378-chgc",
  "modified": "2026-06-09T18:30:53Z",
  "published": "2026-06-09T18:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45650"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-45650

Vulnerability from csaf_microsoft - Published: 2026-06-09 07:00 - Updated: 2026-06-09 07:00

Summary

Microsoft Bing Search Spoofing Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-45650

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Microsoft Bing Search for Android 33.3 Microsoft Bing Search for Android		33.3

Known affected 1 product

Product	Identifier	Version	Remediation
Microsoft Bing Search for Android <33.3 Microsoft Bing Search for Android		<33.3	Vendor Fix fix

Threats

Impact Spoofing

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

Alfaz Hossain

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Alfaz Hossain"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650"
      },
      {
        "category": "self",
        "summary": "CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-45650.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Bing Search Spoofing Vulnerability",
    "tracking": {
      "current_release_date": "2026-06-09T07:00:00.000Z",
      "generator": {
        "date": "2026-06-09T17:48:01.940Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-45650",
      "initial_release_date": "2026-06-09T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-06-09T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c33.3",
            "product": {
              "name": "Microsoft Bing Search for Android \u003c33.3",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "33.3",
            "product": {
              "name": "Microsoft Bing Search for Android 33.3",
              "product_id": "11771"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Bing Search for Android"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45650",
      "cwe": {
        "id": "CWE-451",
        "name": "User Interface (UI) Misrepresentation of Critical Information"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).",
          "title": "According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "The user would have to click on a specially crafted URL to be compromised by the attacker.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        }
      ],
      "product_status": {
        "fixed": [
          "11771"
        ],
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650"
        },
        {
          "category": "self",
          "summary": "CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-45650.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T07:00:00.000Z",
          "details": "33.3:Security Update:https://play.google.com/store/apps/details?id=com.microsoft.bing",
          "product_ids": [
            "1"
          ],
          "url": "https://play.google.com/store/apps/details?id=com.microsoft.bing"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Spoofing"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft Bing Search Spoofing Vulnerability"
    }
  ]
}

WID-SEC-W-2026-1843

Vulnerability from csaf_certbund - Published: 2026-06-09 22:00 - Updated: 2026-06-09 22:00

Summary

Microsoft Apps: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Microsoft Copilot ist ein KI-Assistent, der in verschiedene Microsoft-Produkte integriert werden kann. Microsoft PowerToys ist eine Sammlung von Dienstprogrammen für fortgeschrittene Benutzer, die das Windows-Erlebnis anpassen und optimieren. Microsoft bietet in der Apps-Produktfamilie zahlreiche Anwendungen für mobile Endgeräte an.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft 365 Copilot, Microsoft PowerToys und verschiedenen Microsoft Apps ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Spoofing-Angriffe durchzuführen oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Windows

CVE-2026-42902

Affected products

Known affected 5 products

Product	Identifier	Version
Microsoft Apps Bing Search Microsoft / Apps	`cpe:/a:microsoft:apps:bing_search`	Bing Search
Microsoft Apps PC Manager Microsoft / Apps	`cpe:/a:microsoft:apps:pc_manager`	PC Manager
Microsoft Apps Windows Graphics Component Microsoft / Apps	`cpe:/a:microsoft:apps:windows_graphics_component`	Windows Graphics Component
Microsoft PowerToys Microsoft	`cpe:/a:microsoft:powertoys:-`	—
Microsoft 365 Copilot Microsoft	`cpe:/a:microsoft:365_copilot:-`	—

CVE-2026-44803

Affected products

Known affected 5 products

Product	Identifier	Version
Microsoft Apps Bing Search Microsoft / Apps	`cpe:/a:microsoft:apps:bing_search`	Bing Search
Microsoft Apps PC Manager Microsoft / Apps	`cpe:/a:microsoft:apps:pc_manager`	PC Manager
Microsoft Apps Windows Graphics Component Microsoft / Apps	`cpe:/a:microsoft:apps:windows_graphics_component`	Windows Graphics Component
Microsoft PowerToys Microsoft	`cpe:/a:microsoft:powertoys:-`	—
Microsoft 365 Copilot Microsoft	`cpe:/a:microsoft:365_copilot:-`	—

CVE-2026-44812

Affected products

Known affected 5 products

Product	Identifier	Version
Microsoft Apps Bing Search Microsoft / Apps	`cpe:/a:microsoft:apps:bing_search`	Bing Search
Microsoft Apps PC Manager Microsoft / Apps	`cpe:/a:microsoft:apps:pc_manager`	PC Manager
Microsoft Apps Windows Graphics Component Microsoft / Apps	`cpe:/a:microsoft:apps:windows_graphics_component`	Windows Graphics Component
Microsoft PowerToys Microsoft	`cpe:/a:microsoft:powertoys:-`	—
Microsoft 365 Copilot Microsoft	`cpe:/a:microsoft:365_copilot:-`	—

CVE-2026-45650

Affected products

Known affected 5 products

Product	Identifier	Version
Microsoft Apps Bing Search Microsoft / Apps	`cpe:/a:microsoft:apps:bing_search`	Bing Search
Microsoft Apps PC Manager Microsoft / Apps	`cpe:/a:microsoft:apps:pc_manager`	PC Manager
Microsoft Apps Windows Graphics Component Microsoft / Apps	`cpe:/a:microsoft:apps:windows_graphics_component`	Windows Graphics Component
Microsoft PowerToys Microsoft	`cpe:/a:microsoft:powertoys:-`	—
Microsoft 365 Copilot Microsoft	`cpe:/a:microsoft:365_copilot:-`	—

CVE-2026-49161

Affected products

Known affected 5 products

Product	Identifier	Version
Microsoft Apps Bing Search Microsoft / Apps	`cpe:/a:microsoft:apps:bing_search`	Bing Search
Microsoft Apps PC Manager Microsoft / Apps	`cpe:/a:microsoft:apps:pc_manager`	PC Manager
Microsoft Apps Windows Graphics Component Microsoft / Apps	`cpe:/a:microsoft:apps:windows_graphics_component`	Windows Graphics Component
Microsoft PowerToys Microsoft	`cpe:/a:microsoft:powertoys:-`	—
Microsoft 365 Copilot Microsoft	`cpe:/a:microsoft:365_copilot:-`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Microsoft Copilot ist ein KI-Assistent, der in verschiedene Microsoft-Produkte integriert werden kann.\r\nMicrosoft PowerToys ist eine Sammlung von Dienstprogrammen f\u00fcr fortgeschrittene Benutzer, die das Windows-Erlebnis anpassen und optimieren.\r\nMicrosoft bietet in der Apps-Produktfamilie zahlreiche Anwendungen  f\u00fcr mobile Endger\u00e4te an.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft 365 Copilot, Microsoft PowerToys und verschiedenen Microsoft Apps ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Spoofing-Angriffe durchzuf\u00fchren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1843 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1843.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1843 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1843"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Apps: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-10T06:15:55.886+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1843",
      "initial_release_date": "2026-06-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 365 Copilot",
            "product": {
              "name": "Microsoft 365 Copilot",
              "product_id": "T055107",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:365_copilot:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "PC Manager",
                "product": {
                  "name": "Microsoft Apps PC Manager",
                  "product_id": "T055109",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:apps:pc_manager"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Bing Search",
                "product": {
                  "name": "Microsoft Apps Bing Search",
                  "product_id": "T055110",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:apps:bing_search"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Windows Graphics Component",
                "product": {
                  "name": "Microsoft Apps Windows Graphics Component",
                  "product_id": "T055170",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:apps:windows_graphics_component"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Apps"
          },
          {
            "category": "product_name",
            "name": "Microsoft PowerToys",
            "product": {
              "name": "Microsoft PowerToys",
              "product_id": "T055108",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:powertoys:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-42902",
      "product_status": {
        "known_affected": [
          "T055110",
          "T055109",
          "T055170",
          "T055108",
          "T055107"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-42902"
    },
    {
      "cve": "CVE-2026-44803",
      "product_status": {
        "known_affected": [
          "T055110",
          "T055109",
          "T055170",
          "T055108",
          "T055107"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-44803"
    },
    {
      "cve": "CVE-2026-44812",
      "product_status": {
        "known_affected": [
          "T055110",
          "T055109",
          "T055170",
          "T055108",
          "T055107"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-44812"
    },
    {
      "cve": "CVE-2026-45650",
      "product_status": {
        "known_affected": [
          "T055110",
          "T055109",
          "T055170",
          "T055108",
          "T055107"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45650"
    },
    {
      "cve": "CVE-2026-49161",
      "product_status": {
        "known_affected": [
          "T055110",
          "T055109",
          "T055170",
          "T055108",
          "T055107"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-49161"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-45650 (GCVE-0-2026-45650)

FKIE_CVE-2026-45650

GHSA-XF2J-6378-CHGC

MSRC_CVE-2026-45650

WID-SEC-W-2026-1843

Tags

Sightings

Nomenclature