Techly NewsGet the app

Get the latest tech news

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic


A pair of flaws in Microsoft's Entra ID identity and access management system could have allowed an attacker to gain access to virtually all Azure customer accounts.

Known as Entra ID, the system stores each Azure cloud customer’s user identities, sign-in access controls, applications, and subscription management tools. The other bug was a major flaw in a historic Azure Active Directory application programming interface known as “Graph” that was used to facilitate access to data stored in Microsoft 365. While the specific technical details are different, Microsoft revealed in July 2023 that the Chinese cyber espionage group known as Storm-0558 had stolen a cryptographic key that allowed them to generate authentication tokens and access cloud-based Outlook email systems, including those belonging to US government departments.

Get the Android app

Or read this on Wired

Read more on:

Photo of Microsoft

Microsoft

Photo of d vulnerability

d vulnerability

Photo of entra i

entra i

Related news:

News photo

Target-rich environment: Why Microsoft 365 has become the biggest risk

News photo

Microsoft weaves Oracle and BigQuery data mirroring into Fabric platform

News photo

Microsoft thinks cloud PCs might be overkill, starts streaming just apps under Windows 365

« China Turns Legacy Chips Into a Trade Weapon
Google and PayPal team up on agentic commerce »