MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
microsoft
Recherche

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

vendredi 19 septembre 2025, 09:01 , par Slashdot
This Microsoft Entra ID Vulnerability Could Have Been Catastrophic
Security researcher Dirk-jan Mollema discovered two vulnerabilities in Microsoft's Entra ID identity platform that could have granted attackers administrative access to virtually all Azure customer accounts worldwide. The flaws involved legacy authentication systems -- Actor Tokens issued by Azure's Access Control Service and a validation failure in the retiring Azure Active Directory Graph API.

Mollema reported the vulnerabilities to Microsoft on July 14. Microsoft released a global fix three days later and found no evidence of exploitation. The vulnerabilities would have allowed attackers to impersonate any user across any Azure tenant and access all Microsoft services using Entra ID authentication. Microsoft confirmed the fixes were fully implemented by July 23 and added additional security measures in August as part of its Secure Future Initiative. The company issued a CVE on September 4.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/25/09/19/027208/this-microsoft-entra-id-vulnerability-could-have-been-...

Voir aussi

microsoft Microsoft Hikes US Xbox Prices Citing Economic Environment Slashdot19 Sep
entra "Ça aurait pu être différent", ce jeu vidéo très attendu aurait pu être sauvé... s'il n'avait pas été édité par Microsoft ! Vraiment ? JeuxVideo19 Sep
vulnerabilities Microsoft insists Copilot+ PCs are 'empowering the future' – reality disagrees TheRegister19 Sep
access Microsoft prompts Teams AI agents to collaborate with humans ComputerWorld19 Sep
azure One token to pwn them all: Entra ID bug could have granted access to every tenant TheRegister19 Sep
could Microsoft déploie son IA Gaming Copilot Génération-NT19 Sep
attackers Microsoft Paint se transforme sur Windows et taquine Photoshop Génération-NT19 Sep
any Microsoft ouvre un datacenter IA surpuissant mais aussi super économe, un modèle à suivre ? Génération-NT19 Sep
issued Microsoft Teams va se faire envahir par des agents IA 01net19 Sep
july Microsoft is Filling Teams With AI Agents Slashdot19 Sep
catastrophic Microsoft boasts about humongous datacenter on abandoned Foxconn site in Wisconsin TheRegister19 Sep
vulnerability US House of Representatives reverses AI ban: Staffers will have access to Microsoft Copilot ComputerWorld18 Sep
security This Microsoft Entra ID Vulnerability Could Have Been Catastrophic Wired: Tech.18 Sep
authentication RaccoonO365 : Microsoft et Cloudflare démantèlent un empire du phishing Génération-NT18 Sep
mollema Des milliers d’identifiants Microsoft ont été piratés : la contre-attaque est en cours 01net18 Sep
microsoft Microsoft weaves Oracle and BigQuery data mirroring into Fabric platform TheRegister18 Sep
entra Windows 10 : Microsoft a-t-il le droit d’arrêter les mises à jour gratuites ? 01net18 Sep
vulnerabilities Microsoft thinks cloud PCs might be overkill, starts streaming just apps under Windows 365 TheRegister18 Sep
access Microsoft and Cloudflare dismantle RaccoonO365 phishing tool Zataz17 Sep
azure Microsoft Favors Anthropic Over OpenAI For Visual Studio Code Slashdot17 Sep
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
ven. 19 sept. - 23:03 CEST