Microsoft Patches Critical Entra ID Flaw
Cloud Giant Avoids Global Tenant Compromise
bankinfosecurity • Prajeet Nair (@prajeetspeaks) • September 23, 2025

Microsoft is disclosing a vulnerability that allowed hackers to obtain admin access to virtually any cloud instance of SharePoint or Exchange, although no evidence exists that anyone besides the researcher who disclosed the flaw was aware of the improper authentication shortcoming before the computing giant hustled out a fix.
The operating system and cloud computing giant said it fully mitigated the flaw without Azure customers needing to take action. The flaw is tracked as CVE-2025-55241.
Security researcher Dirk-jan Mollema uncovered and reported the shortcoming on July 14. Microsoft recognized the issue as a privilege escalation bug and deployed a global fix on July 17. The company said there is no evidence of exploitation in the wild.
During his research, Mollema said he was able to ...
Copyright of this story solely belongs to bankinfosecurity.