CyberSecurityBoard
Sponsor Register Login

Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely

Microsoft has addressed a critical security flaw in its Bing search engine, tracked as CVE-2025-21355, which could have allowed unauthorized attackers to execute arbitrary code remotely. While Microsoft has not disclosed specific technical details to prevent further exploitation, security analysts speculate the vulnerability resided in Bing’s API or cloud service layer. The vulnerability, classified as a Missing authentication for a Critical Function flaw, posed significant risks to organizations and users relying on Bing’s infrastructure. The absence of required authentication made this vulnerability particularly dangerous, as attackers could launch large-scale attacks without needing to compromise user credentials. As a core component of Microsoft’s services, Bing integrates with enterprise tools like Microsoft 365, SharePoint, and Azure Active Directory. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Attackers could exploit the flaw over a network to execute malicious code without requiring user interaction or prior authentication. Microsoft confirmed the flaw affected all Bing service tiers, including consumer and enterprise deployments. With a maximum CVSS severity score of 9.8, this remote code execution (RCE) vulnerability marked one of the most severe threats to Microsoft’s ecosystem this year. Microsoft encourages organizations to subscribe to its Security Update Guide for real-time alerts on emerging threats. CVE-2025-21355 originated from inadequate authentication mechanisms in a critical Bing service component. This would enable threat actors to compromise backend systems, manipulate search results, or exfiltrate sensitive data hosted on Microsoft’s infrastructure. The flaw’s network-based attack vector suggests it could have been exploited via specially crafted requests to unpatched servers, bypassing authentication checks to gain SYSTEM-level privileges.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Feb 2025 01:45:10 +0000


Cyber News related to Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely

Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely - Microsoft has addressed a critical security flaw in its Bing search engine, tracked as CVE-2025-21355, which could have allowed unauthorized attackers to execute arbitrary code remotely. While Microsoft has not disclosed specific technical details to ...
4 months ago Cybersecuritynews.com CVE-2025-21355
Microsoft again bothers Chrome users with Bing popup ads in Windows - Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. Due to the quality of the pixelated ads, some who received them were concerned that ...
1 year ago Bleepingcomputer.com
Microsoft Introduces AIEnabled Bing and Edge Web Browser - Microsoft has released a new version of its Bing search engine that is powered by a next-generation OpenAI language model. This model is more powerful than ChatGPT and is specifically designed for web search. According to Microsoft Chairman and CEO ...
2 years ago Bleepingcomputer.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
Microsoft launches Defender Bounty Program with $20,000 rewards - Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000. While higher awards are possible, Microsoft retains sole discretion to determine the final reward amount based ...
1 year ago Bleepingcomputer.com
Latest Information Security and Hacking Incidents - Prepare for a paradigm shift as Microsoft takes a giant leap forward with a game-changing announcement - the integration of an Artificial Intelligence key in their keyboards, the most substantial update in 30 years. This futuristic addition promises ...
1 year ago Cysecurity.news
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws - Microsoft says that this remote code execution vulnerability is caused by an integer overflow or wraparound in Windows Fast FAT Driver that, when exploited, allows an attacker to execute code. Microsoft says that this remote code execution ...
3 months ago Bleepingcomputer.com
Microsoft announces Security Copilot early access program - Microsoft announced this week that its ChatGPT-like Security Copilot AI assistant is now available in early access for some customers. Security Copilot, Redmond's AI-driven security analysis tool, makes it faster for security teams to counter threats ...
1 year ago Bleepingcomputer.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
1 year ago Microsoft.com Black Basta
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
1 year ago Bleepingcomputer.com APT29
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
1 year ago Securityboulevard.com APT29
Navigating Microsoft's Innovations For 2023: Get Up to Date With The Latest Developments - In the world of digital technology, staying up-to-date with the latest advancements and innovations is becoming increasingly important. As one of the leading technology companies in the world, Microsoft is constantly introducing new innovations in ...
2 years ago Hackread.com
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs - Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products. In all, five of the vulnerabilities for which ...
1 year ago Darkreading.com CVE-2024-21412 CVE-2024-21351 CVE-2024-21410 CVE-2024-21413
"Microsoft’s Secure Future Initiative" Biggest cybersecurity Project in Its History - Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, and the broader industry. Following ...
2 months ago Cybersecuritynews.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
1 year ago Techcommunity.microsoft.com
Microsoft extends Purview Audit log retention after July breach - Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July. The list of affected organizations included government ...
1 year ago Bleepingcomputer.com
Microsoft is a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​ - We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management. 1 We believe our position in the Leaders quadrant validates our vision and continued ...
1 year ago Microsoft.com
Microsoft's 'Copilot for Security' brings generative AI to the frontlines of cybersecurity - Microsoft announced today that Copilot for Security, a generative AI-powered platform designed to assist security professionals in combating the ever-evolving cyberthreat landscape, will be generally available worldwide starting April 1st. The launch ...
1 year ago Venturebeat.com
Fancy Bear hackers still exploiting Microsoft Exchange flaw - A Russian nation-state group continues to exploit a critical Microsoft vulnerability that was patched eight months ago to gain access to emails within victim organizations' Exchange servers. In March, Microsoft disclosed a zero-day elevation of ...
1 year ago Techtarget.com CVE-2023-23397 CVE-2023-29324 Fancy Bear Silence
Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
1 year ago Cybersecuritynews.com Cozy Bear APT29

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)