• Alphane Moon@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    6 days ago

    So this a remote vulnerability, but no execution just information access? The CVE and Microsoft are not clear about it (or I am bad at reading).

    • Optional@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      6 days ago

      According to the Debricked vulnerability database, CVE-2024-49071 the issue arose because Windows Defender created a “search index of private or sensitive documents,” but it did not “properly limit index access to actors who are authorized to see the original information.”