Traditionally, cloud platforms disclosed only vulnerabilities that required customer action, but Microsoft’s initiative aims to improve overall industry security through greater transparency about cloud infrastructure vulnerabilities. The vulnerabilities underscore the rising complexity and interconnection of cloud platforms, emphasizing the need for strong security measures and ongoing monitoring.

These high-severity flaws, disclosed on May 9, 2025, could potentially allow attackers to escalate privileges and compromise cloud environments, though Microsoft confirms none have been exploited in the wild. Organizations remain vigilant about cloud security postures despite automatic mitigations, as cloud environments continue to be prime targets for sophisticated threat actors.

These disclosures align with Microsoft’s ongoing cloud security transparency initiative, launched in June 2024. The company now publishes CVEs for critical cloud service vulnerabilities regardless of whether customers need to take action.

Microsoft engineers identified the root cause in how Visual Studio improperly handles pipeline job tokens and implemented a correction in the token handling logic to prevent privilege escalation. This spoofing vulnerability enabled authorized attackers to craft requests that impersonated other services or users, potentially leading to unauthorized data access.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 09 May 2025 09:55:06 +0000