Summary: Microsoft has released critical patches for two vulnerabilities affecting Azure AI Face Service and Microsoft Account, which could allow attackers to escalate their privileges. The flaws are tracked as CVE-2025-21396 and CVE-2025-21415, with CVSS scores of 7.5 and 9.9, respectively. Both vulnerabilities have been fully mitigated, requiring no action from customers.
Affected: Microsoft Azure AI Face Service, Microsoft Account
Keypoints :
- Microsoft addressed two Critical-rated vulnerabilities affecting Azure AI Face Service and Microsoft Account.
- CVEs include CVE-2025-21396 (7.5) related to missing authorization and CVE-2025-21415 (9.9) involving authentication bypass.
- The company recognizes the role of transparency in addressing significant security flaws as the cloud services landscape evolves.
Source: https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html
Views: 26