The “critical” vulnerability in the Microsoft spouse program can “present significant risks,” according to the American cybersecurity agency.
A “critical” vulnerability that potentially affects the users of the Microsoft spouses program has been exploited in cyber attacks, the United Safety, Cybersecurity and Infrastructure Agency of the United States (CISA) showed Tuesday on Tuesday.
The defect (tracked in CVE-2024-49035) has a partner. microsoft. com has an effect and was revealed first in November 2024.
[Related: 10 primary ransomware attacks and knowledge violations in 2024]
Microsoft had marked in the past vulnerability as “exploited” in its online warning. However, CISA revealed on Tuesday that he founded the “evidence of active exploitation”, the company has now added the defect to its catalog of exploited vulnerabilities.
The CRN contacted Microsoft to comment.
The lack of access to the point of the point can be used through a risk player to raise his privileges in a network, in this case, the online page of the Microsoft partners center, without authentication, according to Microsoft.
However, the users of the website of the association center, “do not want to take any measure because the exits are implemented for several days,” Microsoft said in the last vulnerability council published in November.
In the past, Microsoft had declared in his opinion that the defect only has one effect on the Microsoft Power Applications online edition.
Vulnerability has gained a gravity score of 9. 8 of 10. 0 of the national vulnerability database, so it is a “critical” problem.
“These vulnerabilities are common attack vectors for malicious cyber-actors and provide significant hazards for the federal company,” CISA said in his opinion published online on Tuesday.