Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

2025-02-04 05:08
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below:

- CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
- CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service

News URL
https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html
Related news
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization (source)
- Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft sues 'foreign-based' cyber-crooks, seizes sites used to abuse AI (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Microsoft eggheads say AI can never be made secure – after testing Redmond's own products (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-29 | CVE-2025-21415 | Authentication Bypass by Spoofing vulnerability in Microsoft Azure AI Face Service. Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | 8.8 |
| 2025-01-29 | CVE-2025-21396 | Unspecified vulnerability in Microsoft Account. Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | 8.2 |