Not sure if anybody else caught this, but CISA added CVE-2024-49035 to KEV a week ago - that vuln is about partner.microsoft.com being owned.
Partner.microsoft.com is a portal which allows orgs to grant access to Microsoft 365 tenants, i.e. read data of downstream customers. #threatintel
This is the partner.microsoft.com portal; it allows CSPs - Cloud Solution Providers - to gain access to their customers' environments.
CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't.
It being in CISA KEV says it was being exploited in the wild.
That portal allows a huge footprint of access by design.
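Since the thread is about partners holding delegated access to customer tenants, here is a defender-side check, added as an example and not part of the thread: it audits a list of delegated admin (GDAP) relationships for a tenant and flags the ones that are active and grant Global Administrator or have run past their end date. It assumes the relationships have been exported as JSON in the shape that Microsoft Graph returns from `GET /v1.0/tenantRelationships/delegatedAdminRelationships`; the sample response embedded below is constructed, and the partner names and IDs in it are invented.

```python
"""Audit delegated admin (GDAP) relationships for over-broad or stale partner access.

Added example, not code from the thread. Input is JSON in the shape of the
Microsoft Graph delegatedAdminRelationships collection; the sample below is
CONSTRUCTED so the script runs offline.
"""
import json
from datetime import datetime, timezone

# Well-known Entra ID role template ID for Global Administrator (tenant independent).
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"

# Constructed sample: three relationships, one of which is already terminated.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {
            "id": "rel-0001",                    # invented
            "displayName": "Contoso MSP - full management",
            "status": "active",
            "createdDateTime": "2024-06-01T10:00:00Z",
            "endDateTime": "2026-06-01T10:00:00Z",
            "accessDetails": {"unifiedRoles": [{"roleDefinitionId": GLOBAL_ADMIN}]},
        },
        {
            "id": "rel-0002",                    # invented
            "displayName": "Fabrikam CSP - billing only",
            "status": "active",
            "createdDateTime": "2022-01-10T09:00:00Z",
            "endDateTime": "2023-01-10T09:00:00Z",
            "accessDetails": {"unifiedRoles": [{"roleDefinitionId": "00000000-0000-0000-0000-00000000aaaa"}]},
        },
        {
            "id": "rel-0003",                    # invented
            "displayName": "Old vendor - terminated",
            "status": "terminated",
            "createdDateTime": "2021-03-01T08:00:00Z",
            "endDateTime": "2022-03-01T08:00:00Z",
            "accessDetails": {"unifiedRoles": [{"roleDefinitionId": GLOBAL_ADMIN}]},
        },
    ]
})


def load_relationships(raw_json):
    """Return the list under 'value' from a Graph collection response."""
    return json.loads(raw_json).get("value", [])


def parse_ts(value):
    """Parse a Graph ISO-8601 timestamp ('...Z') into an aware datetime, or None."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit(relationships, now):
    """Return one finding per ACTIVE relationship, listing why it deserves review.

    Pending and terminated relationships grant no access and are skipped.
    """
    findings = []
    for rel in relationships:
        if rel.get("status") != "active":
            continue
        roles = {r.get("roleDefinitionId")
                 for r in rel.get("accessDetails", {}).get("unifiedRoles", [])}
        issues = []
        if GLOBAL_ADMIN in roles:
            issues.append("grants Global Administrator")
        end = parse_ts(rel.get("endDateTime"))
        if end is None:
            issues.append("no end date")
        elif end < now:
            issues.append("past its end date")
        findings.append({
            "id": rel.get("id"),
            "partner": rel.get("displayName"),
            "roles": sorted(roles),
            "issues": issues,
        })
    return findings


def report(raw_json, now=None):
    """Audit a raw response and return findings that have at least one issue."""
    now = now or datetime.now(timezone.utc)
    return [f for f in audit(load_relationships(raw_json), now) if f["issues"]]


if __name__ == "__main__":
    for finding in report(SAMPLE_RESPONSE, datetime(2025, 1, 15, tzinfo=timezone.utc)):
        print(f"{finding['id']} {finding['partner']!r}: {', '.join(finding['issues'])}")
```

Run against a real export, any active relationship that hands a partner Global Administrator or that should have expired is what to review first; a relationship the tenant no longer needs can be ended from the tenant's side in the admin center, which is the equivalent of the "kicked that account out" step mentioned later in the thread.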
@GossiTheDog the sheer fact that #MSPs & #CSPs can access clients' setups without proper #authorization [including #KYC / #KYB, #AuthCodes and proper authorization via contract] is already sickening.
Such fundamental #ITsec fuckups are reasons alone not to use #Azure or any #Microsoft products & services at all...
@kkarhan @GossiTheDog
I kicked that account out of my tenant as soon as I discovered it. Isn't that implemented differently nowadays?
@dsidler @GossiTheDog reminds me of the #SUPPORT_388945a0 - #Backdoor in #WindowsXP…