Kevin Beaumont
Not sure if anybody else caught this, but CISA added CVE-2024-49035 to KEV a week ago - that vuln is about partner.microsoft.com being owned.
Partner.microsoft.com is a portal which allows orgs to grant access to Microsoft 365 tenants, ie read data of downstream customers. #threatintel
System Adminihater
@GossiTheDog The partner site getting owned makes a lot of sense given that they never update anything in it.
chapulin
@GossiTheDog I wonder if threat actors could gain access to the tenants 🤢
Kevin Beaumont
This is the partner.microsoft.com portal, it allows CSPs - Cloud Solution Providers - to gain access to their customer's environments.
CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't.
It being in CISA KEV says it was being exploited in the wild.
That portal allows a huge footprint of access by design.
cR0w :cascadia:
@GossiTheDog I thought this one was discussed when it came out because MSRC changed it from exploited:no to exploited:yes the day after it was originally published. I think it was in a screaminggoat thread though so I can't search for it anymore.
Dr. Christopher Kunz
@GossiTheDog This is a screenshot of the first snapshot for the CVE-2024-49035 advisory on MSRC. MS knew about exploitation from the get-go. Not sure why CISA is picking this up only now, being long patched and whatnot.
Dr. Christopher Kunz
@GossiTheDog A couple of hours or day after publication maybe, my screenshot is from november 27.
V4N4D1S
@GossiTheDog One of our security providers told us to patch it immediately, because it was added to CISA KEV.
Kevin Beaumont
:blobcatcomfypeek: https://mastodon.social/@expertenkommision_cyberunfall/114121947666456740
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.