Microsoft fixes Power Pages zero-day bug exploited in attacks (CVSS: 8.2 High)

Information

   Microsoft Power Pages is part of the Microsoft Power Platform, a low-code Software as a Service (SaaS) web development platform that makes it easy for users to build, host, and manage secure external websites. It has a built-in security system, including access management and user authentication, and is well suited to creating websites for businesses, communities, or organizations that need to communicate and interact with external users. It can be used together with other Microsoft Power Platform services (such as Power BI, Power Apps, and Power Automate) and other Microsoft 365 services.

Incident

   Microsoft has issued a security alert about a high-severity privilege escalation vulnerability in Power Pages that hackers exploited in attacks as a zero-day. A zero-day is a vulnerability in software or hardware that is not yet known to the software developer, or for which no patch or fix has been released. The issue is an improper access control flaw affecting Power Pages. It allows unauthorized attackers to elevate their privileges across the network and bypass user registration controls; with that access, attackers can also attack computer systems or networks to steal information, install malware, or take control of the system. Zero-day vulnerabilities are a serious threat because users are not protected until the developer releases a patch. This vulnerability is described as "high severity" because it allows an attacker to gain access to critical controls of Power Pages.

Advice

(Because zero-day vulnerabilities are not yet known, protection against them is difficult.)

  - Always update your software to the latest version.

  - Be careful when opening attachments or clicking links from unknown sources.

  - Check the user list, especially administrators and users with high privileges.

  - Check for permission changes.
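The two review steps above (check the user list for new or high-privilege accounts, check for permission changes) can be made repeatable by comparing two exports of the site's users and web roles. The following is an added example and not code from the advisory or from Microsoft; the snapshot format, sample users and the set of roles treated as privileged are assumptions.

```python
"""Added example (not part of the advisory): compare two snapshots of a
Power Pages site's user list to surface new accounts and newly granted
high-privilege web roles, as the advice above recommends."""
from typing import Dict, List, Set, Tuple

# Web roles treated as high privilege. Assumption: adjust to your site's roles.
PRIVILEGED_ROLES: Set[str] = {"Administrators"}

# Constructed sample snapshots (email -> set of assigned web roles).
BEFORE: Dict[str, Set[str]] = {
    "alice@example.com": {"Authenticated Users"},
    "bob@example.com": {"Authenticated Users", "Administrators"},
}
AFTER: Dict[str, Set[str]] = {
    "alice@example.com": {"Authenticated Users", "Administrators"},
    "bob@example.com": {"Authenticated Users", "Administrators"},
    "mallory@example.com": {"Authenticated Users"},
}

Finding = Tuple[str, str, List[str]]  # (kind, user, roles involved)


def diff_snapshots(before: Dict[str, Set[str]],
                   after: Dict[str, Set[str]]) -> List[Finding]:
    """Return findings a reviewer should look at, ordered by user."""
    findings: List[Finding] = []
    for user in sorted(after):
        roles = after[user]
        if user not in before:
            # An account that did not exist before may have bypassed the
            # registration controls, so every new user is listed, not only admins.
            findings.append(("new_user", user, sorted(roles)))
            continue
        gained = (roles - before[user]) & PRIVILEGED_ROLES
        if gained:
            findings.append(("privilege_gained", user, sorted(gained)))
    for user in sorted(set(before) - set(after)):
        findings.append(("user_removed", user, []))
    return findings


def privileged_users(snapshot: Dict[str, Set[str]]) -> List[str]:
    """Every user currently holding a high-privilege role, for periodic review."""
    return sorted(u for u, r in snapshot.items() if r & PRIVILEGED_ROLES)


if __name__ == "__main__":
    for kind, user, roles in diff_snapshots(BEFORE, AFTER):
        print(f"{kind:17} {user:22} {', '.join(roles)}")
    print("current privileged users:", privileged_users(AFTER))
```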


The important thing is security. We must stay concerned and keep monitoring as usual.
For more information please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
0613879439 (Ms.Sirilak)
0922576902 (Ms.Narusorn)


Reference

  - https://www.bleepingcomputer.com/news/security/microsoft-fixes-power-pages-zero-day-bug-exploited-in-attacks/

  - https://app.opencve.io/cve/CVE-2025-24989

  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989

  - https://learn.microsoft.com/en-us/power-platform/admin/logging-power-pages

Weekly Interesting CVE

1. CVE-2022-42433
   Published Date: 29/3/2023
   Last Update: 14/2/2028
   Device/Application/OS Target: TP-Link TL-WR841N TL-WR841N(US)_V14_220121
   Attack Type: execute arbitrary code
   CVSS Severity Rating: 8
   Detail: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. An attacker can leverage this vulnerability to execute code in the context of root.
   Solution: Fixed in firmware 220914
   Reference: https://www.zerodayinitiative.com/advisories/ZDI-22-1466/

2. CVE-2025-0108
   Published Date: 12/2/2025
   Last Update: 14/2/2025
   Device/Application/OS Target:
     PAN-OS 11.2 – versions earlier than 11.2.4-h4
     PAN-OS 11.1 – versions earlier than 11.1.6-h1
     PAN-OS 10.2 – versions earlier than 10.2.13-h3
     PAN-OS 10.1 – versions earlier than 10.1.14-h9
     Prisma Access and Cloud NGFW are not impacted by this issue.
   Attack Type: authentication bypass
   CVSS Severity Rating: 7.8
   Detail: An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts.
   Solution: upgrade to versions
     PAN-OS 11.2.4-h4 and later
     PAN-OS 11.1.6-h1 and later
     PAN-OS 10.2.13-h3 and later
     PAN-OS 10.1.14-h9 and later
   Reference: https://security.paloaltonetworks.com/CVE-2025-0108

3. CVE-2025-23015
   Published Date: 4/2/2025
   Last Update: 15/2/2025
   Device/Application/OS Target: Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2
   Attack Type: Privilege Escalation
   CVSS Severity Rating: 8.8
   Detail: Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource.
   Solution: upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3
   Reference: https://app.opencve.io/cve/CVE-2025-23015

4. CVE-2024-40591
   Published Date: 11/2/2025
   Last Update: 14/2/2025
   Device/Application/OS Target: Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15
   Attack Type: incorrect privilege assignment
   CVSS Severity Rating: 8.0
   Detail: An incorrect privilege assignment vulnerability [CWE-266] in the FortiOS security fabric may allow an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control.
   Solution:
     FortiOS 7.6: upgrade to 7.6.1 or above
     FortiOS 7.4: upgrade to 7.4.5 or above
     FortiOS 7.2: upgrade to 7.2.10 or above
     FortiOS 7.0: upgrade to 7.0.16 or above
   Reference: https://fortiguard.fortinet.com/psirt/FG-IR-24-302

5. CVE-2024-20419
   Published Date: 17/7/2024
   Last Update: 13/2/2025
   Device/Application/OS Target: Cisco Smart Software Manager On-Prem (SSM On-Prem)
   Attack Type: remote attacker
   CVSS Severity Rating: 10.0
   Detail: A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
   Solution: no workarounds
   Reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy

Weekly Interesting Campaign

1. Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
   Detection Date: 14/02/2025
   Attack Type: Phishing
   Description: Microsoft Uncovers New Russian-Linked Threat Group Storm-2372. Microsoft has revealed a new cyber threat group, Storm-2372, linked to Russia. The group has been targeting organizations since August 2024, with victims spanning government agencies, non-profits, IT services, defense, telecommunications, healthcare, education, and energy sectors across Europe, North America, Africa, and the Middle East. Storm-2372 employs a "device code phishing" technique, tricking users into logging into applications like Microsoft Teams via fraudulent meeting invitations. When victims click the link, they are redirected to a login page requesting a device code. Once entered, hackers obtain an access token, allowing them to infiltrate accounts and access sensitive data. After gaining access, the attackers use the stolen tokens to penetrate other authorized services, such as email and cloud storage. Additionally, they exploit compromised accounts to send internal phishing messages, further spreading the attack within organizations. The hackers also leverage Microsoft Graph to search for critical information, including user credentials and confidential data.
   Mitigation/Remediation:
     • Disable the device code flow feature if it is not required.
     • Enable Multi-Factor Authentication (MFA) to enhance account security.
     • Review and strengthen security settings for email accounts and cloud systems.
   Ref: https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html
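Because the campaign above relies on the device code flow, a first defensive check is to find every device code sign-in in the tenant's sign-in logs and review those from unexpected networks first. The following is an added example, not code from the bulletin or from Microsoft; it assumes sign-in records shaped like Entra ID sign-in log entries with an "authenticationProtocol" field that reads "deviceCode" for that flow, and the sample records and trusted IP range are constructed.

```python
"""Added example (not from the bulletin): triage sign-in log records for
device code flow sign-ins, the path the Storm-2372 campaign abuses."""
import ipaddress
import json
from typing import Dict, List

# Address ranges treated as expected for the organisation (assumption).
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sign-in log lines, one JSON object per line.
SAMPLE_LOG = """
{"createdDateTime": "2025-02-14T08:01:00Z", "userPrincipalName": "alice@example.com", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.10", "resourceDisplayName": "Microsoft Graph"}
{"createdDateTime": "2025-02-14T08:05:00Z", "userPrincipalName": "alice@example.com", "authenticationProtocol": "none", "ipAddress": "203.0.113.10", "resourceDisplayName": "Office 365 Exchange Online"}
{"createdDateTime": "2025-02-14T09:12:00Z", "userPrincipalName": "bob@example.com", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.7", "resourceDisplayName": "Microsoft Graph"}
"""


def is_trusted(ip: str) -> bool:
    """True when the address falls inside one of the expected ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def device_code_signins(log_text: str) -> List[Dict[str, str]]:
    """Return device code sign-ins, rating those from outside trusted ranges higher."""
    hits: List[Dict[str, str]] = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        hits.append({
            "time": rec["createdDateTime"],
            "user": rec["userPrincipalName"],
            "ip": rec["ipAddress"],
            "resource": rec["resourceDisplayName"],
            # A token redeemed from an unexpected network is reviewed first;
            # a trusted source address does not by itself clear the sign-in.
            "severity": "low" if is_trusted(rec["ipAddress"]) else "high",
        })
    return hits


if __name__ == "__main__":
    for hit in device_code_signins(SAMPLE_LOG):
        print(hit["severity"].upper(), hit["time"], hit["user"], hit["ip"], hit["resource"])
```

If the device code flow is disabled as the mitigation list recommends, any remaining hit from this check is itself worth investigating.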

04 March 2025
