Microsoft Security Response Center Blog Alerts

Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.

To comprehensively address CVE-2024-21302, Microsoft has released April 2025 security updates for all supported editions of Windows. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.