Elevation of Privilege Vulnerability in Partner.Microsoft.com
CVE-2024-49035

8.7HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Partner Center
Vendor
CVE Published:
26 November 2024

Badges

πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

Summary

The articles discuss several significant security vulnerabilities affecting Microsoft's artificial intelligence, cloud infrastructure, and enterprise platforms. One flaw, identified as CVE-2024-49035, is currently being exploited in the wild and allows unauthorized attackers to elevate their privileges through Partner.Microsoft.com. Other vulnerabilities affect Copilot Studio, Azure PolicyWatch, and Microsoft Dynamics 365 Sales, with potential impacts on data security and business operations. Security updates have been implemented, but organizations are urged to apply patches promptly to protect against potential attacks.

Affected Version(s)

Microsoft Partner Center Unknown

News Articles

favicon imageThe CFO

Microsoft addresses critical security vulnerabilities across AI and cloud services - The CFO

Microsoft has unveiled patches for four significant security vulnerabilities affecting its artificial intelligence, cloud infrastructure, and enterprise platforms, with one flaw already being exploited in production environments. The developments raise concerns about potential widespread impacts on ...

1 month ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by The CFO

  • Vulnerability published

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)
.