CVE-2019-1172

Description

An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a users account. To exploit the vulnerability, an attacker would have to trick a user into browsing to a specially crafted website, allowing the attacker to steal the users token. The security update addresses the vulnerability by correcting how MSA handles cookies.