The “critical” vulnerability in the Microsoft spouse program can “present significant risks,” according to the American cybersecurity agency.
A “critical” vulnerability that potentially affects the users of the Microsoft spouses program experienced the operation in cyber attacks, the cybersecurity and infrastructure security firm in the United States (CISA) showed Tuesday on Tuesday.
The defect (monitoring in CVE-2024-49035) has an impact spouse. microsoft. com and was revealed first in November 2024.
[Related: 10 primary ransomware attacks and knowledge violations in 2024]
Microsoft had marked in the past vulnerability as “exploited” in their online opinion. However, the CISA revealed on Tuesday that on the basis of “active operational evidence”, the company has now added the failure to its catalog of exploited vulnerabilities.
The CRN contacted Microsoft to comment.
The lack of access to the point of the point can be used through a risk player to raise his privileges in a network, in this case, the online page of the Microsoft partners center, without authentication, according to Microsoft.
However, the users of the website of the association center, “do not want to take any measure because the exits are implemented for several days,” Microsoft said in the last vulnerability council published in November.
In the past, Microsoft had declared in his opinion that the defect only has one effect on the Microsoft Power Applications online edition.
Vulnerability has gained a gravity score of 9. 8 of 10. 0 of the national vulnerability database, so it is a “critical” problem.
“These vulnerabilities are common attack vectors for malicious cyber-actors and provide significant hazards for the federal company,” CISA said in his opinion published online on Tuesday.