Head Topics

Microsoft Confirms Critical 10/10 Cloud Security Vulnerability

Microsoft Cloud News

Microsoft Confirms Critical 10/10 Cloud Security Vulnerability
AzureMicrosoft AzureMicrosoft Azure Security
  • 📰 ForbesTech
  • ⏱ Reading Time:
  • 147 sec. here
  • 12 min. at publisher
  • 📊 Quality Score:
  • News: 90%
  • Publisher: 59%

Microsoft has confirmed several cloud security vulnerabilities, including one with a maximum critical rating of 10.

security vulnerability emerges that hits the maximum Common Vulnerability Scoring System severity rating of 10. This is one of those times.rated as critical and impacting core cloud services, one of which has reached the unwelcome heights of that 10/10 criticality rating.

The good news is that none are known to have been, none have already been publicly disclosed, and as a user, there’s nothing you need to do to protect your environment. A total of four cloud security vulnerabilities have been confirmed by Microsoft, one of which hit the 10/10 rating, but two aren’t a million miles short, both being given 9.9 ratings. The final vulnerability remains critical, with a CVSS severity rating of 9.1. Let’s look at them in order of their criticality.Leo XIV Delivers Mass On First Full Day As Pope: Urges Missionary Work To Uplift ‘Ordinary People’ Microsoft confirmed that this Azure DevOps pipeline token hijacking vulnerability is caused by an issue whereby Visual Studio improperly handles the pipeline job tokens, enabling an attacker to potentially extend their access to a project. “To exploit this vulnerability,” Microsoft said, “an attacker would first have to have access to the project and swap the short-term token for a long-term one.”Microsoft said that this Azure server-side request forgery vulnerability could allow an authorized attacker to perform “spoofing” over a network. In other words, a successful threat actor could exploit this vulnerability to distribute malicious requests that impersonate legitimate services and users.Yet another Azure security vulnerability with an unbelievably high official severity rating of 9.9, this time enabling a successful hacker to elevate privileges across the network thanks to an improper authorization issue in Azure Automation.Hooray, not Azure this time, and dropping on the criticality rating scale to a 9.1 as well. This vulnerability, as the name suggests, would allow an attacker to disclose information over the network. It’s another server-side request forgery vulnerability but this time impacting Microsoft Power Apps.Here’s the really good news among the bad critical vulnerability disclosure stuff: there is no patch to install, no updates to deploy, and no action required by the user at all. “This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take,” Microsoft said with regard to each of the cloud security issues mentioned. That’s because it comes under the remit of what the Microsoft Security Response Center refers to as a commitment to provide comprehensive vulnerability information to customers, by detailing cloud service CVEs once they have been patched internally. “In the past,” Microsoft said, “cloud service providers refrained from disclosing information about vulnerabilities found and resolved in cloud services, unless customer action was required.” With the value of full transparency now properly understood, all that has changed. “We will issue CVEs for critical cloud service vulnerabilities,” Microsoft confirmed, “regardless of whether customers need to install a patch or to take other actions to protect themselves.”

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

ForbesTech /  🏆 318. in US

Azure Microsoft Azure Microsoft Azure Security Microsoft Azure Vulnerability Cloud Computing Security Cloud Vulnerability Cloud Security Warning Devops

 

United States Latest News, United States Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

10 Modern Rap Albums With 10/10 Lyrics That I Can't Get Enough Of10 Modern Rap Albums With 10/10 Lyrics That I Can't Get Enough OfTyler the Creator Yonkers
Read more »

Why 10-10-10 Is the Best Marathon Pacing StrategyWhy 10-10-10 Is the Best Marathon Pacing StrategyJeff and Aly talk through the three separate blocks of the 10-10-10 marathon pacing strategy to help you understand it and use it effectively on race day.
Read more »

10 No Skip 10/10 Classic Rock Albums From The 1980s10 No Skip 10/10 Classic Rock Albums From The 1980s1980s albums Bruce Springsteen, emBorn in the U.S.A. /emand Rush, emMoving Pictures/em
Read more »

Microsoft Confirms $1.50 Windows Security Update Fee Starts July 1Microsoft Confirms $1.50 Windows Security Update Fee Starts July 1Microsoft is to charge for a new Windows Server security update feature — what you need to know.
Read more »

Microsoft Confirms Password Spraying Attack — What You Need To KnowMicrosoft Confirms Password Spraying Attack — What You Need To KnowMicrosoft pins password spraying attack on Storm-1977 hackers, leaving accounts compromised.
Read more »

Microsoft Confirms You Cannot Cancel New Windows PC UpdateMicrosoft Confirms You Cannot Cancel New Windows PC UpdateYour PC is being updated — like it or not.
Read more »



Render Time: 2026-04-01 22:50:48