Microsoft Fixes Critical Authentication Flaw Exposing Entra ID Tenants
Summary
Microsoft has fixed a critical authentication vulnerability that could have allowed an attacker to compromise all Entra ID tenants. The flaw stemmed from an authentication failure in the Azure AD Graph API combined with abuse of undocumented 'Actor tokens', and it highlights security concerns around Microsoft's identity and access management stack.
Key Points
- A critical Microsoft authentication vulnerability could have allowed threat actors to compromise virtually every Entra ID tenant
- The flaw stems from an authentication failure in the Azure AD Graph API and abuse of undocumented 'Actor tokens'
- Although the vulnerability has been fixed, it highlights security concerns around Microsoft's identity and access management stack