Microsoft Patches Critical Security Flaws in Azure AI Face Service and Microsoft Account

Threat Overview

Microsoft has recently addressed two critical security vulnerabilities that posed potential threats to its cloud-based services. The security patches resolve vulnerabilities in Azure AI Face Service and Microsoft Account, both of which could have allowed cybercriminals to escalate privileges under specific conditions.

The affected vulnerabilities are:

• CVE-2025-21396, CVSS score: 7.5 – Microsoft Account Elevation of Privilege Vulnerability
• CVE-2025-21415, CVSS score: 9.9 – Azure AI Face Service Elevation of Privilege Vulnerability

Details of the Vulnerabilities

These vulnerabilities were reported by security researchers and have been patched by Microsoft. Below is a detailed summary:

CVE ID	Threat Type	CVSS Score	Vulnerable Service	Description
CVE-2025-21396	Elevation of Privilege	7.5	Microsoft Account	Missing authorization checks could allow an attacker to elevate privileges over a network.
CVE-2025-21415	Elevation of Privilege	9.9	Azure AI Face Service	Authentication bypass issue allows an attacker to escalate privileges over a network.

Exploitation and Mitigation

CVE-2025-21415 stems from an authentication bypass flaw within Azure AI Face Service. If exploited, an attacker could gain elevated privileges over a network. A proof-of-concept (PoC) exploit code exists for this vulnerability, making it particularly severe.

On the other hand, CVE-2025-21396 is caused by missing authorization checks within the Microsoft Account system, allowing attackers to elevate their privileges without proper authentication.

Microsoft has confirmed that both vulnerabilities have been fully mitigated. Fortunately, customers are not required to take any additional actions, as Microsoft has applied security updates automatically.

---

Comprehensive Guide to Securing Your System

Although Microsoft has mitigated these vulnerabilities, organizations and users should take additional steps to ensure their systems remain secure. Below is a step-by-step guide to protecting your devices from potential security threats and removing any active threats with SpyHunter.

Step 1: Ensure Your System is Updated

Microsoft has already released patches for these vulnerabilities. Users should verify that their systems are fully updated:

1. Open Windows Update Settings.
2. Click Check for Updates.
3. Install any available updates and restart your system.

Step 2: Scan Your System with SpyHunter

SpyHunter is a reliable anti-malware tool that detects and removes various security threats, including privilege escalation vulnerabilities. Here’s how to use it:

1. Download SpyHunter.
2. Install and launch SpyHunter.
3. Click Start Scan Now to scan your system for potential vulnerabilities and threats.
4. Review the scan results and remove any detected threats.
5. Restart your system to complete the removal process.

Step 3: Strengthen Your Security Measures

To prevent future attacks, implement the following best practices:

Enable Multi-Factor Authentication (MFA)

• Add an extra layer of security to your Microsoft Account and cloud services by enabling MFA.

Use Strong, Unique Passwords

• Avoid using weak passwords. Use a password manager to generate and store strong passwords securely.

Monitor User Access and Permissions

• Regularly review user access controls and privileges, ensuring that only authorized users have administrative rights.

Implement Network Segmentation

• Divide your network into secure segments to limit the impact of a security breach.

Stay Vigilant Against Phishing Attacks

• Cybercriminals often exploit users via phishing emails. Avoid clicking on suspicious links or downloading unknown attachments.

Enable Security Logging and Monitoring

• Utilize Microsoft Defender and other security solutions to monitor network activity and detect any anomalous behavior.

Apply the Principle of Least Privilege (PoLP)

• Restrict user privileges to only what is necessary to perform their duties.

---

Conclusion

Microsoft’s swift action in patching CVE-2025-21396 and CVE-2025-21415 underscores the importance of proactive cybersecurity measures. While the company has fully mitigated these threats, users must remain vigilant and ensure their systems are fully updated.

By implementing strong security practices, using SpyHunter to detect and remove threats, and monitoring access permissions, individuals and organizations can reduce the risk of privilege escalation attacks in the future.