A ‘critical’ vulnerability in Microsoft’s partner program website has seen exploitation in cyberattacks, according to CISA.