Microsoft published separate advisories for each vulnerability. They have all been described as privilege escalation issues that have a maximum severity rating of ‘critical’, but based on their CVSS score two of them have a ‘high severity’ rating and only one is actually ‘critical’. In its Partner Network website, specifically the ‘partner.microsoft.com’ domain, Microsoft addressed CVE-2024-49035, a high-severity improper access control vulnerability that allowed an unauthenticated attacker to elevate privileges over a network.