MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
microsoft
Search

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

Friday September 19, 2025. 09:01 AM , from Slashdot
This Microsoft Entra ID Vulnerability Could Have Been Catastrophic
Security researcher Dirk-jan Mollema discovered two vulnerabilities in Microsoft's Entra ID identity platform that could have granted attackers administrative access to virtually all Azure customer accounts worldwide. The flaws involved legacy authentication systems -- Actor Tokens issued by Azure's Access Control Service and a validation failure in the retiring Azure Active Directory Graph API.

Mollema reported the vulnerabilities to Microsoft on July 14. Microsoft released a global fix three days later and found no evidence of exploitation. The vulnerabilities would have allowed attackers to impersonate any user across any Azure tenant and access all Microsoft services using Entra ID authentication. Microsoft confirmed the fixes were fully implemented by July 23 and added additional security measures in August as part of its Secure Future Initiative. The company issued a CVE on September 4.

Read more of this story at Slashdot.
Read more at Slashdot
https://it.slashdot.org/story/25/09/19/027208/this-microsoft-entra-id-vulnerability-could-have-been-...

Related News

microsoft Microsoft Hikes US Xbox Prices Citing Economic Environment SlashdotSep 19
entra Microsoft insists Copilot+ PCs are 'empowering the future' – reality disagrees TheRegisterSep 19
vulnerabilities Microsoft prompts Teams AI agents to collaborate with humans ComputerWorldSep 19
access One token to pwn them all: Entra ID bug could have granted access to every tenant TheRegisterSep 19
azure Microsoft is Filling Teams With AI Agents SlashdotSep 19
could Microsoft boasts about humongous datacenter on abandoned Foxconn site in Wisconsin TheRegisterSep 19
attackers US House of Representatives reverses AI ban: Staffers will have access to Microsoft Copilot ComputerWorldSep 18
any This Microsoft Entra ID Vulnerability Could Have Been Catastrophic Wired: Tech.Sep 18
issued Microsoft weaves Oracle and BigQuery data mirroring into Fabric platform TheRegisterSep 18
july Microsoft thinks cloud PCs might be overkill, starts streaming just apps under Windows 365 TheRegisterSep 18
catastrophic Microsoft Favors Anthropic Over OpenAI For Visual Studio Code SlashdotSep 17
vulnerability This $50 Microsoft Office deal might just break the internet BoingBoingSep 17
security Return on investment for Copilot? Microsoft has work to do TheRegisterSep 17
authentication Microsoft pens $15B love letter to the UK with 23,000 Nvidia GPUs attached TheRegisterSep 17
mollema Why is the name of the Microsoft Wireless Notebook Presenter Mouse 8000 hard-coded into the Bluetooth drivers? OS NewsSep 17
microsoft Microsoft reminds Office users about end of support BetaNewsSep 17
entra Why Microsoft has the name of an old mouse hidden in its Bluetooth drivers TheRegisterSep 17
vulnerabilities Microsoft Surface 7 laptop: Nice hardware, shame about the OS TheRegisterSep 17
access UK Cabinet Office hands stalled Microsoft migration to another department TheRegisterSep 17
azure Microsoft Announces $30 Billion Investment In AI Infrastructure, Operations In UK SlashdotSep 17
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Sep, Sat 20 - 04:32 CEST