Critical Microsoft Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control

CyberDudeBivash Authority Report

Executive Summary

A recently disclosed critical vulnerability in Microsoft Entra ID (formerly Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, in any tenant, because of mis-validated tokens and a legacy API issue.

Discovered by researcher Dirk-jan Mollema (Outsider Security), the flaw combined Actor Tokens issued via the legacy Access Control Service with a validation flaw in the outdated Azure AD Graph API, which allowed those tokens to be accepted across tenants.

Microsoft was notified on 14 July 2025; a fix was rolled out rapidly.

Impact: tenant takeover, creation of admin accounts, modification of configuration, and complete compromise of Entra ID resources.

Background & Vulnerability Details

What are Actor Tokens & Azure AD Graph API

Actor Tokens are internal service-to-service impersonation tokens used historically by Microsoft's backend services. They were not intende...
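The core defect the report describes is a relying party that checked a token's signature but not which tenant the token was issued for. The following is an added illustration, not the page's code nor Microsoft's; it uses a constructed, simplified token format (a signed JSON claim set with hypothetical `tid` and `sub` claims and a demo key, not the real Actor Token format) to show the flawed acceptance check beside the hardened one.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo signing key and token format (a signed JSON claim set).
# Hypothetical stand-in for illustration only, not the real Actor Token format.
DEMO_KEY = b"constructed-demo-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(tid: str, sub: str, ttl_seconds: int = 3600) -> str:
    """Issue a token asserting user `sub` in tenant `tid` (constructed issuer)."""
    claims = {"tid": tid, "sub": sub, "exp": int(time.time()) + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def _verify_signature_and_expiry(token: str) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        return None
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= time.time():
        return None
    return claims


def accept_token_vulnerable(token: str, resource_tenant: str) -> Optional[dict]:
    """Flawed pattern: any validly signed token is trusted, regardless of tenant."""
    return _verify_signature_and_expiry(token)


def accept_token_hardened(token: str, resource_tenant: str) -> Optional[dict]:
    """Hardened: the tenant asserted in the token must match the tenant accessed."""
    claims = _verify_signature_and_expiry(token)
    if claims is None or claims.get("tid") != resource_tenant:
        return None
    return claims
```

A token minted for one tenant is accepted for another tenant's resource by the vulnerable check and rejected by the hardened one; the real fix additionally has to be applied at every legacy endpoint that consumes such tokens.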