Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

CISA Confirms Microsoft Partner Center Flaw Exploited In Attacks

CRN by CRN
February 25, 2025
Home News
Share on FacebookShare on Twitter


The ‘critical’ vulnerability in Microsoft’s partner program website can ‘pose significant risks,’ the U.S. cybersecurity agency says.

A “critical” vulnerability potentially affecting users of Microsoft’s partner program website has seen exploitation in cyberattacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed Tuesday.

The flaw (tracked at CVE-2024-49035) impacts Partner.Microsoft.com, and was initially disclosed in November 2024.

[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]

Microsoft had previously marked the vulnerability as “exploited” in its online advisory. However, CISA disclosed Tuesday that based on “evidence of active exploitation,” the agency has now added the flaw to its catalog of exploited vulnerabilities.

CRN has reached out to Microsoft for comment.

The improper access control flaw can be exploited by a threat actor to elevate their privileges on a network — in this case, the Microsoft partner center website — without authentication, according to Microsoft.

Users of the partner center website, however, “do not need to take any action because releases are rolled out automatically over several days,” Microsoft said in the previous advisory about the vulnerability posted in November.

Microsoft had previously said in its advisory that the flaw only impacts the online version of Microsoft Power Apps.

The vulnerability has received a severity score of 9.8 out 10.0 from the National Vulnerability Database, making it a “critical” issue.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in its advisory posted online Tuesday.



Source link

Tags: CyberattacksCybersecurityVulnerabilities
CRN

CRN

Next Post
IBM To Buy DataStax, Expand Watsonx AI Portfolio’s Data Management Capabilities

IBM To Buy DataStax, Expand Watsonx AI Portfolio’s Data Management Capabilities

Recommended.

Global conflicts accelerate cyber threats against UK CNI | Computer Weekly

Global conflicts accelerate cyber threats against UK CNI | Computer Weekly

May 28, 2026
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

June 17, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
OpenTable Launches All-in-One Marketplace for Private and Group Dining

OpenTable Launches All-in-One Marketplace for Private and Group Dining

September 16, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio