CISA Adds Microsoft Partner Center to KEV List Amid Active Exploits

CISA has added Microsoft Partner Center and Zimbra vulnerabilities to its Known Exploited Vulnerabilities list, confirming active cyberattacks on both platforms.

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that two newly discovered vulnerabilities affecting Microsoft Partner Center and Zimbra Collaboration Suite are being actively exploited, prompting their addition to the Known Exploited Vulnerabilities (KEV) catalog.

These flaws, identified as CVE-2024-49035 in Microsoft’s platform and CVE-2023-34192 in Zimbra, are actively used in cyberattacks against enterprises, IT service providers, and organizations relying on these platforms.

Microsoft Partner Center, a management platform used by cloud service providers and enterprises worldwide, and Zimbra Collaboration Suite, a popular email platform for businesses and government agencies, both face threats that could allow attackers to gain unauthorized access.

CISA’s designation means federal agencies must apply security measures immediately, while private businesses are strongly advised to follow suit.

Microsoft Partner Center Exploitation Raises Security Concerns

Microsoft first identified active attacks exploiting CVE-2024-49035 in November 2024, with security researchers warning that the flaw enables attackers to bypass authentication and escalate privileges. The platform is used by over 400,000 Microsoft partners to manage cloud services, licenses, and security settings, making it a high-value target.

Microsoft Partner Center is designed to help Microsoft partners streamline business operations and handle their relationship with both Microsoft and their customers. It provides tools for account and user management, customer engagement, subscription handling, billing, and support requests. Additionally, partners can enroll in incentive programs, collaborate with other partners, and publish or explore offerings in the Microsoft commercial marketplace, which features transactable services and applications from independent software vendors (ISVs).

According to Microsoft’s advisory, “No customer action is needed to resolve the improper access control flaw, as it was fixed via an automatic update to the online version of Microsoft Power Apps.”

However, organizations should not assume full protection and should instead enforce multi-factor authentication (MFA), review access logs for suspicious activity, and apply all available security updates.

The nature of the exploit suggests that attackers are specifically targeting identity and access management systems, a recurring issue in previous security incidents involving Microsoft’s cloud services.

Similar attacks have been reported in previous cybersecurity incidents, where adversaries exploited authentication weaknesses in cloud-based platforms.

Zimbra Collaboration Suite Faces Persistent Attacks

Meanwhile, CVE-2023-34192 is being actively exploited in Zimbra Collaboration Suite. It is a cross-site scripting (XSS) vulnerability that allows attackers to manipulate email content and gain unauthorized access. Similar flaws in Zimbra have been exploited in the past, including a widespread attack campaign in mid-2023 that compromised multiple government and enterprise email systems.

Synacor, Zimbra’s parent company, has provided temporary mitigation guidance but has not announced a definitive timeline for a full security patch. Given the repeated targeting of Zimbra, security experts emphasize the need for organizations to apply the latest security configurations and deploy additional email security measures to prevent further exploitation.

CISA’s KEV Listing and Its Impact on Enterprise Security

The inclusion of Microsoft Partner Center and Zimbra vulnerabilities in the Known Exploited Vulnerabilities (KEV) catalog underscores how rapidly cybercriminals are exploiting newly discovered flaws.

Once a vulnerability appears on the KEV list, federal agencies must implement fixes within a strict timeframe, while private sector organizations are strongly advised to take immediate action.
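As an added illustration (not part of the original article or any CISA tooling), the sketch below shows how a team might match KEV entries against its own asset list and track the remediation deadline. The catalog excerpt follows the field names of CISA's KEV JSON feed, but the dates are constructed placeholders and the inventory is hypothetical.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. The CVE IDs are from the
# article; the dates are placeholders, not the real catalog values.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-49035", "vendorProject": "Microsoft",
   "product": "Partner Center", "dateAdded": "2030-01-01", "dueDate": "2030-01-22"},
  {"cveID": "CVE-2023-34192", "vendorProject": "Synacor",
   "product": "Zimbra Collaboration Suite (ZCS)",
   "dateAdded": "2030-01-01", "dueDate": "2030-01-22"}
]}
""")

# Hypothetical asset inventory; names and fields are assumptions for this example.
INVENTORY = [
    {"asset": "mail-gw-01", "vendor": "synacor", "product": "zimbra", "remediated": False},
    {"asset": "partner-portal", "vendor": "microsoft", "product": "partner center", "remediated": True},
    {"asset": "wiki-01", "vendor": "atlassian", "product": "confluence", "remediated": False},
]

def kev_findings(catalog, inventory, today):
    """Return one finding per (asset, KEV entry) match, most urgent first."""
    findings = []
    for vuln in catalog.get("vulnerabilities", []):
        vendor = vuln["vendorProject"].lower()
        product = vuln["product"].lower()
        due = date.fromisoformat(vuln["dueDate"])
        for item in inventory:
            # Simple vendor/product keyword match; real inventories usually need CPE or SBOM data.
            if item["vendor"] != vendor or item["product"] not in product:
                continue
            if item["remediated"]:
                status = "remediated"
            else:
                status = "overdue" if today > due else "open"
            findings.append({"asset": item["asset"], "cve": vuln["cveID"],
                             "status": status, "days_left": (due - today).days})
    order = {"overdue": 0, "open": 1, "remediated": 2}
    return sorted(findings, key=lambda f: (order[f["status"]], f["days_left"]))

if __name__ == "__main__":
    for f in kev_findings(KEV_SAMPLE, INVENTORY, date(2030, 2, 1)):
        print(f"{f['status']:<10} {f['asset']:<15} {f['cve']}  days_left={f['days_left']}")
```
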

Security analysts have noted that cloud-based platforms are increasingly being targeted, with identity and authentication systems often exploited to gain persistent access. The attacks on Microsoft Partner Center and Zimbra align with previous breaches where authentication bypass techniques were leveraged against widely used enterprise software. The risk is particularly high for IT service providers, who manage multiple client environments and could become entry points for large-scale attacks.

Lessons from Past Attacks on Cloud and Email Platforms

Cloud service vulnerabilities have been a recurring concern. Microsoft has previously faced scrutiny over its cloud security practices, with multiple past incidents exposing weaknesses in access management.

Similar security gaps have been exploited in large-scale cyber campaigns, as highlighted in prior investigations into Microsoft-related security risks. Attackers often take advantage of improperly secured API endpoints and misconfigurations, which remain a challenge for enterprises relying on cloud identity solutions.

Zimbra has also been a repeated target, with previous incidents showing how email vulnerabilities can be leveraged for phishing, credential theft, and long-term espionage campaigns. The lack of immediate patches in previous cases raises concerns about whether businesses using Zimbra are adequately prepared for this latest wave of attacks.

Mitigation Steps for Businesses and IT Administrators

Organizations using Microsoft Partner Center should implement additional security measures beyond Microsoft’s automatic update. Multi-factor authentication (MFA) should be enforced for all privileged accounts, and administrators should conduct regular access audits to detect unauthorized login attempts.

For enterprises relying on Zimbra Collaboration Suite, applying Synacor’s recommended mitigations is essential. Email security policies should be reviewed, and IT teams should consider additional monitoring solutions to detect potential XSS exploitation attempts.

The growing reliance on cloud platforms and enterprise email services means that vulnerabilities like these will continue to be attractive targets for attackers.

Markus Kasanmascheff
Markus has been covering the tech industry for more than 15 years. He holds a Master's degree in International Economics and is the founder and managing editor of Winbuzzer.com.
