Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/114104955818018205">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 05-Mar-2025 00:51:01 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/114104883061523496" rel="in-reply-to">in reply to</a></div></section><article><p>This is the partner.microsoft.com portal, it allows CSPs - Cloud Solution Providers - to gain access to their customer's environments.</p><p>CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't.</p><p>It being in CISA KEV says it was being exploited in the wild.</p><p>That portal allows a huge footprint of access by design.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4672742#notice-9148103">In conversation</a><time datetime="2025-03-05T00:51:01+09:00" title="Wednesday, 05-Mar-2025 00:51:01 JST">about a month ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/114104955818018205" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/114104955818018205">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1216901">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/4240291">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/4240444">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/114/104/923/539/557/942/original/2c9e0a4d41ee5e99.png" rel="external">https://cyberplace.social/system/media_attachments/files/114/104/923/539/557/942/original/2c9e0a4d41ee5e99.png</a></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/4240445">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/114/104/949/055/748/901/original/0e3f5d8799a11897.png" rel="external">https://cyberplace.social/system/media_attachments/files/114/104/949/055/748/901/original/0e3f5d8799a11897.png</a></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/4240446">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/114/104/952/275/820/546/original/ee71941b76ad9b16.png" rel="external">https://cyberplace.social/system/media_attachments/files/114/104/952/275/820/546/original/ee71941b76ad9b16.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 05-Mar-2025 00:51:01 JST Kevin Beaumont
in reply to
This is the partner.microsoft.com portal, it allows CSPs - Cloud Solution Providers - to gain access to their customer's environments.
CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't.
It being in CISA KEV says it was being exploited in the wild.
That portal allows a huge footprint of access by design.
In conversationabout a month ago from cyberplace.socialpermalink
Attachments

Public

Embed Notice

HTML Code

Corresponding Notice