Microsoft Security Response Center Blog Alerts

CVE-2025-21396 Microsoft Account Elevation of Privilege Vulnerability

Posted on Wednesday January 29, 2025

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.

 

CVE-2025-21415 Azure AI Face Service Elevation of Privilege Vulnerability

Posted on Wednesday January 29, 2025

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

 

CVE-2024-43485 .NET and Visual Studio Denial of Service Vulnerability

Posted on Wednesday January 29, 2025

Revised the Security Updates table to include PowerShell 7.5 installed on Windows, PowerShell 7.5 installed on Linux, and PowerShell 7.5 installed on MacOC because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/71](https://github.com/PowerShell/Announcements/issues/71) for more information.

 

Chromium: CVE-2025-0612 Out of bounds memory access in V8

Posted on Monday January 27, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

 

Chromium: CVE-2025-0611 Object corruption in V8

Posted on Monday January 27, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

 

CVE-2025-21262 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Posted on Friday January 24, 2025

Information published.

 

Page:   12345...93

Celebrating 35+ Years

Managed Computer Support Services

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016