Microsoft addresses critical security vulnerability in Azure environment
Attackers could have exploited vulnerabilities in Azure Arc, Azure Functions, or Azure Front Door.
Microsoft's multi-cloud management solution Azure Arc, the serverless development environment Azure Functions, and the content delivery network (CDN) Azure Front Door were vulnerable. The technology company classifies the overall risk as critical.
Various security issues
In two cases, attackers could have gained elevated user privileges: Azure Arc (CVE-2026-243012, "high") and Azure Front Door (CVE-2026-24300, "critical"). After a successful attack on Azure Functions, attackers would have had access to information that is supposed to be protected (CVE-2026-21532, "high").
Details of how attacks could have been carried out are currently unknown. In the security advisories for the vulnerabilities, linked under the CVE numbers in this article, Microsoft states that it is not aware of any attacks at this time.
Admins don't need to do anything
The hardware and software manufacturer states that it has resolved the security issues server-side. Consequently, admins do not need to install any security patches, and instances are now protected from the described attack scenarios.
(des)