4d • Azure News
Azure News - September 29th, 2025
1. Microsoft disables certain Azure/AI services used by an Israeli military unit.
Following investigative reporting and an internal review, Microsoft says it has ceased and disabled a set of Azure and AI services used by a unit of the Israel Ministry of Defense (IMOD). Microsoft says the decision targets particular services used by that unit after finding evidence consistent with the reporting; the company also emphasized it did not access customer content during the review. The move follows employee protests and public pressure and represents a rare case of a major cloud provider limiting customer access on human-rights grounds.
2. Critical Entra ID (Azure AD) elevation-of-privilege patched (CVE-2025-55241)
Microsoft patched a severe Entra ID vulnerability (tracked as CVE-2025-55241) that could lead to cross-tenant token impersonation and global privilege escalation. The flaw — tied to legacy token/actor-token validation paths — received a top severity rating and prompted an emergency patch; Microsoft reports no confirmed exploitation in the wild but urged tenant owners to validate fixes. Security teams are advised to audit token issuance, rotate high-value credentials, and retire deprecated Graph flows.
2
2 comments
Azure News - September 29th, 2025
powered by
skool.com/azuredevops-6924
From spinning up Azure environments to creating Kubernetes clusters and refining DevOps practices, I’m here to make infrastructure accessible and fun.
Suggested communities
Powered by