www.itfunk.orgwww.itfunk.orgwww.itfunk.org
  • Home
  • Tech News
    Tech NewsShow More
    Zero Trust: How a Security Idea Became a Blueprint
    41 Min Read
    Cybersecurity Law Expiration Could Unleash New Ransomware Surge – Former FBI Official Sounds the Alarm
    8 Min Read
    Under the Hood of Microsoft’s May 2025 Patch Tuesday: The CLFS and WinSock Problem Microsoft Can’t Seem to Fix
    7 Min Read
    The Hidden Sabotage: How Malicious Go Modules Quietly Crashed Linux Systems
    6 Min Read
    Agentic AI: The Next Frontier in Cybersecurity Defense and Risk​
    5 Min Read
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
    • Microsoft CVE Vulnerabilities
  • How To Guides
    How To GuidesShow More
    Tasksche.exe Malware
    Nviqri Someq Utils Unwanted Application
    4 Min Read
    How to Deal With Rbx.fund Scam
    4 Min Read
    How to Jailbreak DeepSeek: Unlocking AI Without Restrictions
    4 Min Read
    Why Streaming Services Geo-Restrict Content?
    10 Min Read
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
    IT/Cybersecurity Best PracticesShow More
    Zero Trust: How a Security Idea Became a Blueprint
    41 Min Read
    Under the Hood of Microsoft’s May 2025 Patch Tuesday: The CLFS and WinSock Problem Microsoft Can’t Seem to Fix
    7 Min Read
    Affordable Endpoint Protection Platforms (EPP) for Small Businesses
    5 Min Read
    Outlaw Malware: A Persistent Threat Exploiting Linux Servers
    4 Min Read
    CVE-2024-48248: Critical NAKIVO Backup & Replication Flaw Actively Exploited—Patch Immediately
    6 Min Read
  • FREE SCAN
  • Cybersecurity for Business
Search
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2023 ITFunk.org. All Rights Reserved.
Reading: Microsoft Patches Critical Security Flaws in Azure AI Face Service and Microsoft Account
Share
Notification Show More
Font ResizerAa
www.itfunk.orgwww.itfunk.org
Font ResizerAa
  • Tech News
  • How To Guides
  • Cyber Threats
  • Product Reviews
  • Cybersecurity for Business
  • Free Scan
Search
  • Home
  • Tech News
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How To Guides
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
  • Cybersecurity for Business
  • FREE SCAN
Follow US
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2023 ITFunk.org All Rights Reserved.
www.itfunk.org > Blog > Cyber Threats > Microsoft CVE Vulnerabilities > Microsoft Patches Critical Security Flaws in Azure AI Face Service and Microsoft Account
IT/Cybersecurity Best PracticesMicrosoft CVE VulnerabilitiesTech News

Microsoft Patches Critical Security Flaws in Azure AI Face Service and Microsoft Account

ITFunk Research
Last updated: June 12, 2025 4:21 pm
ITFunk Research
Share
Microsoft Patches Critical Security Flaws in Azure AI Face Service and Microsoft Account
SHARE

Threat Overview

Microsoft has recently addressed two critical security vulnerabilities that posed potential threats to its cloud-based services. The security patches resolve vulnerabilities in Azure AI Face Service and Microsoft Account, both of which could have allowed cybercriminals to escalate privileges under specific conditions.

Contents
Threat OverviewDetails of the VulnerabilitiesScan Your Computer for Free with SpyHunterExploitation and MitigationComprehensive Guide to Securing Your SystemScan Your Computer for Free with SpyHunterStep 1: Ensure Your System is UpdatedStep 2: Scan Your System with SpyHunterStep 3: Strengthen Your Security MeasuresEnable Multi-Factor Authentication (MFA)Use Strong, Unique PasswordsMonitor User Access and PermissionsImplement Network SegmentationStay Vigilant Against Phishing AttacksEnable Security Logging and MonitoringApply the Principle of Least Privilege (PoLP)ConclusionScan Your Computer for Free with SpyHunter

The affected vulnerabilities are:

  • CVE-2025-21396, CVSS score: 7.5 – Microsoft Account Elevation of Privilege Vulnerability
  • CVE-2025-21415, CVSS score: 9.9 – Azure AI Face Service Elevation of Privilege Vulnerability

Details of the Vulnerabilities

These vulnerabilities were reported by security researchers and have been patched by Microsoft. Below is a detailed summary:

CVE IDThreat TypeCVSS ScoreVulnerable ServiceDescription
CVE-2025-21396Elevation of Privilege7.5Microsoft AccountMissing authorization checks could allow an attacker to elevate privileges over a network.
CVE-2025-21415Elevation of Privilege9.9Azure AI Face ServiceAuthentication bypass issue allows an attacker to escalate privileges over a network.

Remove annoying malware threats like this one in seconds!

Scan Your Computer for Free with SpyHunter

Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!

Download SpyHunter 5
Download SpyHunter for Mac

Exploitation and Mitigation

CVE-2025-21415 stems from an authentication bypass flaw within Azure AI Face Service. If exploited, an attacker could gain elevated privileges over a network. A proof-of-concept (PoC) exploit code exists for this vulnerability, making it particularly severe.

On the other hand, CVE-2025-21396 is caused by missing authorization checks within the Microsoft Account system, allowing attackers to elevate their privileges without proper authentication.

Microsoft has confirmed that both vulnerabilities have been fully mitigated. Fortunately, customers are not required to take any additional actions, as Microsoft has applied security updates automatically.

Comprehensive Guide to Securing Your System

Remove annoying malware threats like this one in seconds!

Scan Your Computer for Free with SpyHunter

Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!

Download SpyHunter 5
Download SpyHunter for Mac

Although Microsoft has mitigated these vulnerabilities, organizations and users should take additional steps to ensure their systems remain secure. Below is a step-by-step guide to protecting your devices from potential security threats and removing any active threats with SpyHunter.

Step 1: Ensure Your System is Updated

Microsoft has already released patches for these vulnerabilities. Users should verify that their systems are fully updated:

  1. Open Windows Update Settings.
  2. Click Check for Updates.
  3. Install any available updates and restart your system.

Step 2: Scan Your System with SpyHunter

SpyHunter is a reliable anti-malware tool that detects and removes various security threats, including privilege escalation vulnerabilities. Here’s how to use it:

  1. Download SpyHunter.
  2. Install and launch SpyHunter.
  3. Click Start Scan Now to scan your system for potential vulnerabilities and threats.
  4. Review the scan results and remove any detected threats.
  5. Restart your system to complete the removal process.
Download SpyHunter 5
Download SpyHunter for Mac

Step 3: Strengthen Your Security Measures

To prevent future attacks, implement the following best practices:

Enable Multi-Factor Authentication (MFA)

  • Add an extra layer of security to your Microsoft Account and cloud services by enabling MFA.

Use Strong, Unique Passwords

  • Avoid using weak passwords. Use a password manager to generate and store strong passwords securely.

Monitor User Access and Permissions

  • Regularly review user access controls and privileges, ensuring that only authorized users have administrative rights.

Implement Network Segmentation

  • Divide your network into secure segments to limit the impact of a security breach.

Stay Vigilant Against Phishing Attacks

  • Cybercriminals often exploit users via phishing emails. Avoid clicking on suspicious links or downloading unknown attachments.

Enable Security Logging and Monitoring

  • Utilize Microsoft Defender and other security solutions to monitor network activity and detect any anomalous behavior.

Apply the Principle of Least Privilege (PoLP)

  • Restrict user privileges to only what is necessary to perform their duties.

Conclusion

Microsoft's swift action in patching CVE-2025-21396 and CVE-2025-21415 underscores the importance of proactive cybersecurity measures. While the company has fully mitigated these threats, users must remain vigilant and ensure their systems are fully updated.

By implementing strong security practices, using SpyHunter to detect and remove threats, and monitoring access permissions, individuals and organizations can reduce the risk of privilege escalation attacks in the future.

Remove annoying malware threats like this one in seconds!

Scan Your Computer for Free with SpyHunter

Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!

Download SpyHunter 5
Download SpyHunter for Mac

You Might Also Like

“Request By Admin Department” Email Scam
Advanced Persistent Threat Protection for Businesses
Zero Trust: How a Security Idea Became a Blueprint
Penetration Testing Services: Safeguarding Your Business from Cyber Threats
Cybersecurity Law Expiration Could Unleash New Ransomware Surge – Former FBI Official Sounds the Alarm
TAGGED:" "prevent cyber threatsauthentication bypassauthentication bypass vulnerabilityAzure AI Face Service exploitAzure AI Face Service vulnerabilityAzure cloud vulnerabilityAzure security flawcloud security threatsCVE-2025-21396CVE-2025-21415Cybersecurity best practicescybersecurity threat mitigationCybersecurity threat removalelevation of privilege vulnerabilityhow to protect Azure serviceshow to secure Microsoft AccountMicrosoft Account securityMicrosoft Account security flawMicrosoft cloud securityMicrosoft patch updateMicrosoft PoC exploitMicrosoft security update 2025Microsoft security updatesMicrosoft security vulnerabilitiesMicrosoft vulnerability fixmissing authorization checksnetwork securityphishing attack preventionprivilege escalation attackproof-of-concept exploit attack preventionprotect against hackingsecurity patch updatesecurity risk mitigationSpyHunter Malware Removalthreat intelligenceWindows security fix

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Copy Link Print
Share
Previous Article V (Dharma) Ransomware: Analysis and Removal Guide
Next Article Suspicious Activity Monitoring in EDR: Strengthening Cybersecurity with Proactive Threat Detection
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Scan Your System for Malware

Don’t leave your system unprotected. Download SpyHunter today for free, and scan your device for malware, scams, or any other potential threats. Stay Protected!

Download SpyHunter 5
Download SpyHunter for Mac
✅ Free Scan Available • ⭐ Catches malware instantly
//

Check in Daily for the best technology and Cybersecurity based content on the internet.

Quick Link

  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US

Support

Sign Up for Our Newesletter

Subscribe to our newsletter to get our newest articles instantly!

 

www.itfunk.orgwww.itfunk.org
© 2023 www.itfunk.org. All Rights Reserved.
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?