Ethical Hacking News
Microsoft has fixed a high-severity elevation of privilege vulnerability in its Power Pages platform, tracked as CVE-2025-24989, that allowed an unauthorized attacker to elevate privileges over a network and bypass the platform's user registration controls. The fix has been applied to the hosted service, and affected customers have been notified directly.
Microsoft has addressed a high-severity elevation of privilege vulnerability in its Power Pages platform (CVE-2025-24989). The flaw is an improper access control weakness: an attacker without valid credentials could elevate privileges over the network, bypassing the site's user registration controls, and Microsoft reports that it was exploited in the wild before the fix. Microsoft has published a security bulletin describing the issue and has applied the fix to the Power Pages service, so customers have nothing to patch themselves. Admins are advised to review activity logs for suspicious actions and to scrutinize user lists to verify administrators and other high-privileged accounts. Recommended mitigations include enforcing multi-factor authentication on all accounts and revoking rogue or unauthorized accounts.
Microsoft has taken action to address a high-severity elevation of privilege vulnerability in its Power Pages platform. The flaw, tracked as CVE-2025-24989 and rated CVSS 8.2, allowed attackers to gain unauthorized access and elevate their privileges over a network, thereby bypassing user registration controls, and it was exploited as a zero-day before Microsoft fixed it.
According to the security bulletin Microsoft released on February 20, 2025, the vulnerability is an improper access control weakness in Power Pages, and Microsoft lists exploitation as detected. Because the registration control is the gate that decides who gets an account on an externally facing site, bypassing it compromises the integrity of the site and of whatever data it exposes to its users.
Microsoft Power Pages is a low-code, SaaS-based web development platform for creating, hosting, and managing secure external-facing business websites. It is part of the Microsoft Power Platform, alongside Power BI, Power Apps, and Power Automate. The attack vector is network: since Power Pages is a hosted service, exploitation happens remotely against the service itself, which is also why the remediation is entirely on Microsoft's side.
Microsoft has already applied the fix to the Power Pages service and has shared guidance privately with the customers it identified as impacted. It has also published generic advice for any organization that wants to check its own sites.
Admins should review activity logs for suspicious actions, unexpected user registrations, and unauthorized changes, and should scrutinize user lists to verify that every administrator and high-privileged user is expected. Recent changes to privileges, security roles, permissions, and web page access controls (in Power Pages terms, web roles, table permissions, and web page access control rules) deserve a closer look, and rogue accounts or accounts showing unauthorized activity should be revoked immediately.
Microsoft also recommends enforcing multi-factor authentication across all accounts. This limits what an attacker can do with an account that was registered or taken over through the flaw; it does not by itself address the service-side bug, which only Microsoft could fix. Microsoft says it has notified the customers that were affected, so organizations that received no notification were not affected.
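To make the review steps above concrete, here is an added audit helper that is not part of the article or of Microsoft's guidance. It runs over constructed sample records whose field names only loosely imitate Dataverse contact and web page access control rule rows (the field names, the review window, and the sample accounts are all illustrative assumptions); the web role names `Administrators`, `Authenticated Users`, and `Anonymous Users` and the rule rights `Grant Change` and `Restrict Read` are the Power Pages defaults. It flags privileged contacts, contacts registered or changed inside the review window, access control rules changed inside the window, and rules that grant change rights to every visitor.

```python
"""Post-advisory audit of a Power Pages site's user list and access control rules.

Added example for the review steps above; not code from Microsoft or from the
article. Input records are constructed inline and only loosely resemble
Dataverse contact / web role / web page access control rule rows exported
from a site (the field names are illustrative assumptions, not the schema).
"""
from datetime import datetime, timezone

# Constructed: the review window starts when suspicious activity is assumed to
# have begun. Use the date from Microsoft's notification in practice.
REVIEW_START = datetime(2025, 2, 10, tzinfo=timezone.utc)

CONTACTS = [
    {"contactid": "c1", "fullname": "Site Admin", "emailaddress1": "admin@example.com",
     "webroles": ["Administrators"],
     "createdon": "2024-06-01T09:00:00Z", "modifiedon": "2024-06-01T09:00:00Z"},
    {"contactid": "c2", "fullname": "Jane Customer", "emailaddress1": "jane@example.com",
     "webroles": ["Authenticated Users"],
     "createdon": "2024-11-12T14:30:00Z", "modifiedon": "2024-11-12T14:30:00Z"},
    # Registered inside the window and then given the Administrators role:
    # the pattern the "scrutinize user lists" step is meant to catch.
    {"contactid": "c3", "fullname": "qwerty", "emailaddress1": "x@mailinator.example",
     "webroles": ["Authenticated Users", "Administrators"],
     "createdon": "2025-02-14T03:12:44Z", "modifiedon": "2025-02-14T03:15:02Z"},
]

ACCESS_RULES = [
    {"ruleid": "r1", "name": "Restrict read on /admin", "right": "Restrict Read",
     "webroles": ["Administrators"], "modifiedon": "2024-06-01T09:05:00Z", "modifiedby": "c1"},
    # Changed inside the window and now grants change rights to every signed-in
    # user: both a recent change and an overly broad grant.
    {"ruleid": "r2", "name": "Grant change on /billing", "right": "Grant Change",
     "webroles": ["Administrators", "Authenticated Users"],
     "modifiedon": "2025-02-14T03:20:11Z", "modifiedby": "c3"},
]

# Roles every visitor or every signed-in user holds; a Grant Change rule scoped
# to these gives the page effectively no access control.
BROAD_ROLES = {"Anonymous Users", "Authenticated Users"}


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 'Z' timestamps the sample records use."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit(contacts, rules, since, privileged_roles=("Administrators",)):
    """Return the accounts and rules an admin should look at first.

    privileged: every contact holding a privileged web role
    recent_registrations: contacts created at or after `since`
    recent_privilege_changes: privileged contacts modified at or after `since`
    changed_rules: access control rules modified at or after `since`
    broad_grants: Grant Change rules exposed to anonymous/authenticated roles
    """
    priv = set(privileged_roles)
    findings = {key: [] for key in ("privileged", "recent_registrations",
                                    "recent_privilege_changes", "changed_rules",
                                    "broad_grants")}
    for contact in contacts:
        roles = set(contact.get("webroles", []))
        if roles & priv:
            findings["privileged"].append(contact["contactid"])
            if parse_ts(contact["modifiedon"]) >= since:
                findings["recent_privilege_changes"].append(contact["contactid"])
        if parse_ts(contact["createdon"]) >= since:
            findings["recent_registrations"].append(contact["contactid"])
    for rule in rules:
        if parse_ts(rule["modifiedon"]) >= since:
            findings["changed_rules"].append(rule["ruleid"])
        if rule["right"] == "Grant Change" and set(rule["webroles"]) & BROAD_ROLES:
            findings["broad_grants"].append(rule["ruleid"])
    return findings


def run_sample():
    """Run the audit over the constructed sample data."""
    return audit(CONTACTS, ACCESS_RULES, REVIEW_START)


if __name__ == "__main__":
    for key, ids in run_sample().items():
        print(f"{key:26s} {', '.join(ids) or '-'}")
```

On the sample data the only account worth escalating is `c3`: it appears in every contact-related finding, and the one rule it changed (`r2`) is flagged twice, once as a recent change and once as a grant to all authenticated users. Feeding real data requires exporting contacts with their web role assignments and the site's web page access control rules from Dataverse and mapping those columns onto the field names assumed here; the logic itself does not change.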
In conclusion, Microsoft's response to a high-severity, actively exploited flaw in Power Pages shows the shape of a SaaS incident: the vendor fixes the service, and customers' work is limited to reviewing who got into their sites and what those accounts changed. Organizations that rely on the service should still do that review, since a registration bypass can leave behind accounts and permission changes that persist after the underlying bug is gone.
Related Information:
https://www.bleepingcomputer.com/news/security/microsoft-fixes-power-pages-zero-day-bug-exploited-in-attacks/
https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html
Published: Thu Feb 20 11:16:14 2025 by llama3.2 3B Q4_K_M