Multiple Microsoft Azure Vulnerabilities Enable Privilege Escalation
Germany's dCERT published two advisories covering multiple vulnerabilities in Microsoft Azure, with the later notice stating that the flaws can allow privilege escalation. The advisories identify Azure as the affected platform but provide no public synopsis, indicating only that several security issues were addressed across the cloud service.
The paired notices suggest an evolving disclosure in which Microsoft Azure vulnerabilities were first reported broadly and then updated with a more specific impact assessment tied to elevated privileges. Organizations using Azure should review the corresponding vendor guidance and remediation information for the affected services, prioritize patching, and assess whether exposed identities, roles, or cloud resources could be affected by unauthorized privilege gains.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes Microsoft Azure multiple vulnerabilities advisory
dCERT issued Advisory 2026-1392 for Microsoft Azure covering multiple vulnerabilities. No technical synopsis was provided in the reference.
dCERT publishes Microsoft Cloud Products vulnerabilities advisory
dCERT issued Advisory 2026-1236 covering multiple vulnerabilities in Microsoft Cloud Products. No technical synopsis was provided in the reference.
dCERT reports Azure vulnerabilities enabling privilege escalation
dCERT published Advisory 2026-1077 on additional Microsoft Azure vulnerabilities, specifically noting that multiple flaws allow privilege escalation. This represents a new disclosed development beyond the earlier generic advisory.
dCERT publishes Azure multiple vulnerabilities advisory
dCERT issued Advisory 2026-0944 for Microsoft Azure covering multiple vulnerabilities. No further technical synopsis was provided in the reference.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
dCERT - Advisory 2026-1392 - Microsoft Azure: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2026-1236 - Microsoft Cloud Products: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2026-1077 - Microsoft Azure: Multiple Vulnerabilities allow privilege escalation
dcert.de
Open sourcedCERT - Advisory 2026-0944 - Microsoft Azure: Multiple Vulnerabilities
dcert.de
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Discloses Windows Elevation of Privilege Vulnerabilities
Microsoft published security advisories for two **Elevation of Privilege** flaws affecting Windows components: `CVE-2026-23660` in **Windows Admin Center in Azure Portal** and `CVE-2025-62472` in **Windows Remote Access Connection Manager**. Both entries were released through Microsoft's Security Update Guide, identifying separate privilege-escalation issues in enterprise-relevant Windows management and connectivity functionality. The disclosures indicate that attackers who successfully exploit the vulnerabilities could gain higher privileges on affected systems, increasing the risk of broader compromise after initial access. Organizations using Windows administrative tooling in Azure environments and systems relying on Remote Access Connection Manager should review Microsoft's advisories, determine exposure to the affected components, and prioritize applicable security updates and mitigation steps.
May 25, 2026
Microsoft Discloses Elevation-of-Privilege Flaws Across Azure Services
Microsoft has published multiple Security Update Guide entries for elevation-of-privilege vulnerabilities affecting cloud services including **Azure Resource Manager**, **Azure Entra ID**, **Azure AI Foundry**, and **Redis Enterprise**. The disclosed issues include `CVE-2026-47280` and `CVE-2026-24304` in Azure Resource Manager, `CVE-2026-24305` and `CVE-2025-55241` in Azure Entra ID, `CVE-2025-59271` in Redis Enterprise, and `CVE-2026-35435` in Azure AI Foundry, indicating a broader set of privilege-boundary weaknesses across Microsoft-managed platforms. Microsoft provided the most detail for **CVE-2026-35435**, describing it as a **critical** improper access control flaw in Azure AI Foundry M365 published agents that could be exploited remotely over the network without privileges or user interaction, with potential for high confidentiality impact. The company said exploitation was considered more likely, but the vulnerability had not been publicly disclosed or exploited at publication time, and the service-side issue was already fully mitigated with **no customer action required**; the remaining CVEs were listed with limited public detail in the update guide.
May 25, 2026
Multiple Vulnerabilities Disclosed in Golang Go and Microsoft Azure Services
Germany's dCERT published advisories for multiple vulnerabilities affecting **Golang Go** and several **Microsoft Azure** services, including **Azure DevOps**, **Data Factory**, and **Cloud Shell**. The Go advisory states that multiple flaws could allow an unspecified attack, indicating potential security impact in applications or environments that rely on the language runtime and related components. A separate dCERT advisory reported multiple vulnerabilities in Microsoft's cloud platform components, expanding the scope of exposure to development, automation, and shell-access services in Azure. While technical details and exploit conditions were not provided in the advisories, the disclosures indicate that organizations using these technologies should review vendor guidance, identify affected deployments, and prioritize remediation once patches or mitigations are available.
May 8, 2026