The “critical” vulnerability in Microsoft’s partner program may “pose significant risks,” according to the U.S. cybersecurity agency.
A “critical” vulnerability potentially affecting users of Microsoft’s partner program has been exploited in cyberattacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed on Tuesday.
The flaw (tracked as CVE-2024-49035) affects partner.microsoft.com and was first disclosed in November 2024.
Microsoft had previously marked the vulnerability as “exploited” in its online advisory. However, CISA revealed on Tuesday that, on the basis of “active operational evidence”, the agency has now added the flaw to its catalog of exploited vulnerabilities.
CRN has reached out to Microsoft for comment.
The improper access flaw can be exploited by a threat actor to elevate privileges on a network (in this case, the Microsoft Partner Center website) without authentication, according to Microsoft.
However, users of the Partner Center website “don’t want to take any action because versions are automatically deployed over the days,” Microsoft said in its latest guidance about the vulnerability, published in November.
Microsoft had previously stated in its advisory that the flaw only affects the online version of Microsoft Power Apps.
The vulnerability earned a severity score of 9.8 out of 10.0 from the National Vulnerability Database, making it a “critical” issue.
“These vulnerabilities are common attack vectors for malicious cyber actors and represent significant hazards for the federal company,” CISA said in its notice published online on Tuesday.