Critical Microsoft Partner Center vulnerability under attack, CISA warns | CSO Online

A critical vulnerability in Microsoft’s Partner Center platform, CVE-2024-49035, is being actively exploited by unauthenticated attackers. The flaw, which allows privilege escalation and unauthorized access, has been added to CISA’s KEV catalog, prompting urgent action from organizations to mitigate the risk. Organizations are advised to implement network segmentation, continuous access audits, and zero-trust security models to protect against potential data breaches and malware deployment.