CVE-2024-49035 - Microsoft Partner Center Improper Access Control Vulnerability

Vulnerability Name

Microsoft Partner Center Improper Access Control Vulnerability

Description

Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49035

https://nvd.nist.gov/vuln/detail/CVE-2024-49035

Related News Articles

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active ExploitationFebruary 26, 2025