Summary: Microsoft has issued security updates for two critical vulnerabilities affecting Bing and Power Pages, one of which is actively being exploited. The vulnerabilities, CVE-2025-21355 and CVE-2025-24989, allow unauthorized code execution and elevation of privileges, respectively. Microsoft has ensured that affected customers have been notified and provided guidance for mitigation.
Affected: Microsoft Bing and Microsoft Power Pages
Keypoints :
- CVE-2025-21355 (CVSS score: 8.6) involves remote code execution in Microsoft Bing.
- CVE-2025-24989 (CVSS score: 8.2) refers to an elevation of privilege vulnerability in Power Pages.
- Microsoft confirmed that the vulnerabilities have been mitigated and affected customers have been alerted with instructions for further action.
- At least one instance of exploit has been detected in the wild for CVE-2025-24989.
Source: https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html