Microsoft Confirms Critical 10/10 Cloud Security Vulnerability
Microsoft confirms 10/10 Azure vulnerability.
SOPA Images/LightRocket via Getty Images
It's not often that a truly critical security vulnerability emerges that hits the maximum Common Vulnerability Scoring System severity rating of 10. This is one of those times.
Microsoft has confirmed multiple vulnerabilities rated as critical and impacting core cloud services, one of which has reached the unwelcome heights of that 10/10 criticality rating. The good news is that none are known to have been exploited in the wild, none have already been publicly disclosed, and as a user, there's nothing you need to do to protect your environment.
A total of four cloud security vulnerabilities have been confirmed by Microsoft, one of which hit the 10/10 rating, but two aren't a million miles short, both being given 9.9 ratings. The final vulnerability remains critical, with a CVSS severity rating of 9.1. Let's look at them in order of their criticality.
CVE-2025-29813
Critical Rating: 10.0
Azure DevOps Elevation of Privilege Vulnerability
Microsoft confirmed that this Azure DevOps pipeline token hijacking vulnerability is caused by an issue whereby Visual Studio improperly handles the pipeline job tokens, enabling an attacker to potentially extend their access to a project. 'To exploit this vulnerability,' Microsoft said, 'an attacker would first have to have access to the project and swap the short-term token for a long-term one.'
CVE-2025-29972
Critical Rating: 9.9
Azure Storage Resource Provider Spoofing Vulnerability
Microsoft said that this Azure server-side request forgery vulnerability could allow an authorized attacker to perform 'spoofing' over a network. In other words, a successful threat actor could exploit this vulnerability to distribute malicious requests that impersonate legitimate services and users.
CVE-2025-29827
Critical Rating: 9.9
Azure Automation Elevation of Privilege Vulnerability
Yet another Azure security vulnerability with an unbelievably high official severity rating of 9.9, this time enabling a successful hacker to elevate privileges across the network thanks to an improper authorization issue in Azure Automation.
CVE-2025-47733
Critical Rating: 9.1
Microsoft Power Apps Information Disclosure Vulnerability
Hooray, not Azure this time, and dropping on the criticality rating scale to a 9.1 as well. This vulnerability, as the name suggests, would allow an attacker to disclose information over the network. It's another server-side request forgery vulnerability but this time impacting Microsoft Power Apps.
Here's the really good news among the bad critical vulnerability disclosure stuff: there is no patch to install, no updates to deploy, and no action required by the user at all. 'This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take,' Microsoft said with regard to each of the cloud security issues mentioned. That's because it comes under the remit of what the Microsoft Security Response Center refers to as a commitment to provide comprehensive vulnerability information to customers, by detailing cloud service CVEs once they have been patched internally. 'In the past,' Microsoft said, 'cloud service providers refrained from disclosing information about vulnerabilities found and resolved in cloud services, unless customer action was required.' With the value of full transparency now properly understood, all that has changed. 'We will issue CVEs for critical cloud service vulnerabilities,' Microsoft confirmed, 'regardless of whether customers need to install a patch or to take other actions to protect themselves.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
27 minutes ago
- Forbes
iPhone iOS 26: Here's The Design Change Everyone Wants To Know About
Apple's big software extravaganza, WWDC25, starts on Monday morning, June 9. All the rumors point to a complete new look, the biggest design overhaul in more than a decade. So, what will the app icons look like? App icons on the iPhone Those app icons have gone through several evolutions already. In the first iPhone software released in 2007, the icons were square, with curved edges and a design that made them look 3D, as though they were slightly domed. Then, with iOS 7 in 2015, Apple ditched these icons for a layered, flatter look. And the shape of the square subtly changed. For the new update, iOS 16 as it's thought it will be called, there have been plenty of rumors about how the app icons — after all, the essential way to navigate a smartphone — will transform again. Many have suggested the icons will become circular. That makes a kind of sense, as the new OS is believed to have drawn inspiration from the Apple Vision Pro's visionOS software. However, a new report from Bloomberg's Mark Gurman has news about exactly what the app icons will look like. 'While there has been speculation that the app icons will be round to match the style on the Apple Watch and Vision Pro, the shape is staying largely the same on the iPhone and iPad,' he says. 'Largely' may be the key word. It sounds to me that the icons will remain essentially square with curved corners, but the shape of the corners will change, again. The move from iOS 6 to iOS 7 meant that the straight lines turned to curves further in, that is, the corners were, well, curvier. This time, perhaps the corners will change in the other direction. What's clear, though, is that the expectation of circular icons is rejected by Gurman. This makes sense to me: for circular icons sit nicely together, you could choose a galaxy of apps like you have on the Apple Watch, but that wouldn't work for the iPhone. Every mock-up I've seen with round apps jarred for me. Everything will be revealed in a matter of hours.
Yahoo
an hour ago
- Yahoo
Is this the ultimate US growth stock to consider buying now?
When it comes to the best US growth stocks to buy, most investors have had their sights on Nvidia (NASDAQ:NVDA). The graphic processing unit (GPU) chip designer has created some of the most powerful artificial intelligence (AI) accelerator semiconductors that data centres worldwide have rushed to buy, even at an enormous premium price tag. And as a result, the Nvidia share price has skyrocketed by over 1,400% in the last five years. However in 2025, this impressive momentum's seemingly started to calm. In fact, since the start of the year, Nvidia shares have actually fallen by around 3% – a significant change, of course, compared to the 120% gain achieved over the same period last year. And that's despite Nvidia's growth continuing to fire on all cylinders. So if the financials are still improving, but the share price isn't responding, are investors looking for a potential buying opportunity? There are 64 institutional investors tracking this business right now. And the consensus is pretty bullish, with 58 issuing either Buy or Outperform recommendations. As for price targets, the average forecast among analysts is $175 per share by this time next year – or roughly 30% higher than current levels. For a $3.3trn enterprise, a 30% potential gain's pretty enormous. But it certainly doesn't sound far-fetched. After all, Nvidia currently controls around 80% of the AI chip market, forming the backbone of global AI infrastructure. And with new AI as well as gaming chips on the horizon, the company's market dominance looks set to continue. Looking at the latest first-quarter earnings report, sales were firmly ahead of analyst expectations at $44.06bn, with the all-important data centre-related sales growing by 73% year-on-year. Pairing that with continued excessive free cash flow generation and chunky profit margins, it's not hard to understand why analysts are so bullish, especially with AI still largely in its infancy. Despite delivering 73% data centre sales growth, this was actually slower than what the firm could have delivered if it wasn't for US export restrictions on China. Specifically, the company was unable to deliver $2.5bn worth of its H20 chips to China, resulting in a $4.5bn charge relating to excess inventory and purchase obligations. With demand from China not expected to return while the export restrictions remain in place, management's warned that data centre-related revenues in the second quarter will suffer an $8bn hit. The good news is there's ample demand from non-China-based customers to offset this impact in the long run. The bad news is most of the group's sales are to a small collection of hyperscalers like Microsoft, Amazon, and Meta Platforms. And should any of these decide their AI infrastructure is sufficiently upgraded or decide to switch to competing cheaper AI chips from the likes of AMD, Nvidia's strong grip on the AI market could start to weaken. Despite the trade-related challenges Nvidia's having to navigate, it remains the industry titan. Its high-performance hardware's backed up by world-class software in the form of its CUDA libraries – a technological advantage that its peers simply don't have. That doesn't mean the firm's immune to disruption. But with shares now trading at a reasonable valuation, it's a stock that definitely seems worthy of a closer look, in my opinion. The post Is this the ultimate US growth stock to consider buying now? appeared first on The Motley Fool UK. More reading 5 Stocks For Trying To Build Wealth After 50 One Top Growth Stock from the Motley Fool John Mackey, former CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool's board of directors. Randi Zuckerberg, a former director of market development and spokeswoman for Facebook and sister to Meta Platforms CEO Mark Zuckerberg, is a member of The Motley Fool's board of directors. Zaven Boyrazian has no position in any of the shares mentioned. The Motley Fool UK has recommended Advanced Micro Devices, Amazon, Meta Platforms, Microsoft, and Nvidia. Views expressed on the companies mentioned in this article are those of the writer and therefore may differ from the official recommendations we make in our subscription services such as Share Advisor, Hidden Winners and Pro. Here at The Motley Fool we believe that considering a diverse range of insights makes us better investors. Motley Fool UK 2025
Yahoo
an hour ago
- Yahoo
Morgan Stanley Raises Sprinklr (CXM) PT to $10, Maintains Equal Weight Rating
On Thursday, Morgan Stanley analyst Elizabeth Porter raised the price target on Sprinklr Inc. (NYSE:CXM) to $10 from $8, while maintaining an Equal Weight rating on the shares. Porter noted that Sprinklr's Q1 2025 report showed progress in the company's transformation, with operational improvements and a stable near-term outlook. A software engineer working on a monitor in a modern office. Morgan Stanley is encouraged by the early stages of what is expected to be an approximately 18-month transformation and believes the shares appropriately reflect a turnaround story. The company's total revenue reached $205.5 million in Q1, which was up 5% year-over-year, and subscription revenue at $184.1 million, which was up 4%. Professional services revenue in particular was $21.4 million. The subscription and revenue-based net dollar expansion rate was 102%, and the company had 146 customers with $1 million or more in subscription revenue, which is up 6%. However, Sprinklr is facing longer sales cycles and increased scrutiny of enterprise spending due to macroeconomic uncertainty. The company is also contending with customer churn and downsell activity, which are impacting its net dollar expansion rate. The company anticipates a negative impact of $10 million on non-GAAP operating expenses due to foreign exchange rate volatility. Sprinklr Inc. (NYSE:CXM) provides global enterprise cloud software products. While we acknowledge the potential of CXM as an investment, our conviction lies in the belief that some AI stocks hold greater promise for delivering higher returns and have limited downside risk. If you are looking for an extremely cheap AI stock that is also a major beneficiary of Trump tariffs and onshoring, see our free report on the best short-term AI stock. READ NEXT: and . Disclosure: None. This article is originally published at Insider Monkey. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
