Microsoft Addresses Elevation of Privilege Flaws Across Azure and Account Services
Microsoft has published security advisories for multiple elevation of privilege vulnerabilities affecting cloud and identity-related products, including Payment Orchestrator Service (CVE-2026-26125), Microsoft Account (CVE-2025-21396), Azure Bot Service (CVE-2025-55244), Azure PolicyWatch (CVE-2024-49052), and Azure CycleCloud (CVE-2022-41085). The issues were disclosed through the Microsoft Security Response Center and span both Azure platform components and Microsoft-managed account services.
The advisories provide limited public technical detail, but the affected products indicate potential risk to organizations relying on Microsoft cloud workloads, automation, policy management, bot integrations, and identity services. Security teams should review the relevant MSRC entries, determine whether exposed services are in use, and prioritize remediation for any impacted environments where privilege escalation could increase access to sensitive resources or administrative functions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses CVE-2026-26125 in Payment Orchestrator Service
Microsoft published a Security Update Guide entry for CVE-2026-26125, an elevation of privilege vulnerability affecting Payment Orchestrator Service.
Microsoft discloses CVE-2025-55244 in Azure Bot Service
Microsoft published a Security Update Guide entry for CVE-2025-55244, an elevation of privilege vulnerability affecting Azure Bot Service.
Microsoft discloses CVE-2025-21396 in Microsoft Account
Microsoft published a Security Update Guide entry for CVE-2025-21396, an elevation of privilege vulnerability affecting Microsoft Account.
Microsoft discloses CVE-2024-49052 in Azure PolicyWatch
Microsoft published a Security Update Guide entry for CVE-2024-49052, an elevation of privilege vulnerability affecting Microsoft Azure PolicyWatch.
Microsoft discloses CVE-2022-41085 in Azure CycleCloud
Microsoft published a Security Update Guide entry for CVE-2022-41085, an elevation of privilege vulnerability affecting Azure CycleCloud.
Sources
5 references tracked. Mallory keeps watching after this page renders.
CVE-2026-26125 - Security Update Guide - Microsoft - Payment Orchestrator Service Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-55244 - Security Update Guide - Microsoft - Azure Bot Service Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-21396 - Security Update Guide - Microsoft - Microsoft Account Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2024-49052 - Security Update Guide - Microsoft - Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2022-41085 - Security Update Guide - Microsoft - Azure CycleCloud Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Discloses Elevation-of-Privilege Flaws Across Azure Services
Microsoft has published multiple Security Update Guide entries for elevation-of-privilege vulnerabilities affecting cloud services including **Azure Resource Manager**, **Azure Entra ID**, **Azure AI Foundry**, and **Redis Enterprise**. The disclosed issues include `CVE-2026-47280` and `CVE-2026-24304` in Azure Resource Manager, `CVE-2026-24305` and `CVE-2025-55241` in Azure Entra ID, `CVE-2025-59271` in Redis Enterprise, and `CVE-2026-35435` in Azure AI Foundry, indicating a broader set of privilege-boundary weaknesses across Microsoft-managed platforms. Microsoft provided the most detail for **CVE-2026-35435**, describing it as a **critical** improper access control flaw in Azure AI Foundry M365 published agents that could be exploited remotely over the network without privileges or user interaction, with potential for high confidentiality impact. The company said exploitation was considered more likely, but the vulnerability had not been publicly disclosed or exploited at publication time, and the service-side issue was already fully mitigated with **no customer action required**; the remaining CVEs were listed with limited public detail in the update guide.
May 25, 2026
Microsoft Discloses Windows Elevation of Privilege Vulnerabilities
Microsoft published security advisories for two **Elevation of Privilege** flaws affecting Windows components: `CVE-2026-23660` in **Windows Admin Center in Azure Portal** and `CVE-2025-62472` in **Windows Remote Access Connection Manager**. Both entries were released through Microsoft's Security Update Guide, identifying separate privilege-escalation issues in enterprise-relevant Windows management and connectivity functionality. The disclosures indicate that attackers who successfully exploit the vulnerabilities could gain higher privileges on affected systems, increasing the risk of broader compromise after initial access. Organizations using Windows administrative tooling in Azure environments and systems relying on Remote Access Connection Manager should review Microsoft's advisories, determine exposure to the affected components, and prioritize applicable security updates and mitigation steps.
May 25, 2026
Microsoft Fixes Privilege Escalation and Spoofing Flaws in Azure Databricks and Cloud Services
Microsoft disclosed three cloud-service vulnerabilities affecting **Azure Databricks**, **Microsoft Purview eDiscovery**, and **Microsoft Entra ID Entitlement Management**. The issues are tracked as **`CVE-2026-33107`**, an elevation-of-privilege flaw in Azure Databricks; **`CVE-2026-26150`**, an elevation-of-privilege flaw in Microsoft Purview eDiscovery; and **`CVE-2026-35431`**, a spoofing flaw in Microsoft Entra ID Entitlement Management. Microsoft published the advisories through its Security Update Guide, indicating that multiple enterprise cloud components required security attention at the same time. The affected products span analytics, compliance, and identity governance functions that are widely used in Microsoft-centric environments. While Microsoft provided limited public technical detail in the advisories, the vulnerability classifications indicate potential risks including unauthorized privilege gains in Databricks and Purview workflows, as well as identity or trust abuse scenarios involving Entra ID Entitlement Management. Organizations using these services should review the relevant Microsoft advisories, assess exposure in tenant configurations, and apply available mitigations or service updates through normal cloud security and change-management processes.
Apr 23, 2026