Microsoft Security Response Center Blog Alerts

CVE-2025-21404 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Published February 6, 2025

Information published.

Chromium: CVE-2025-0444 Use after free in Skia

Published February 6, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2025-21396 Microsoft Account Elevation of Privilege Vulnerability

Published January 29, 2025

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-21415 Azure AI Face Service Elevation of Privilege Vulnerability

Published January 29, 2025

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

CVE-2024-43485 .NET and Visual Studio Denial of Service Vulnerability

Published January 29, 2025

Revised the Security Updates table to include PowerShell 7.5 installed on Windows, PowerShell 7.5 installed on Linux, and PowerShell 7.5 installed on MacOC because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/71](https://github.com/PowerShell/Announcements/issues/71) for more information.