
Microsoft Patches Critical Azure AI Face Security Bug


Microsoft has issued updates to resolve a critical authentication-bypass-by-spoofing flaw in its Azure AI Face service, tracked as CVE-2025-21415, which attackers could exploit to facilitate privilege escalation, reports SC Media.

Additional details regarding potential authentication evasion via deepfake or other exploits remain unclear, but Microsoft confirmed that the vulnerability, which has already been addressed without the need for any user action, had not been exploited by threat actors. Microsoft also addressed a high-severity privilege escalation issue in Microsoft accounts, tracked as CVE-2025-21396.

Although the flaw is indicative of the escalating threats to facial recognition-based authentication, with a 2024 Gartner report expecting a loss of trust in facial biometric systems by next year, experts have commended Microsoft's immediate action.

"This is the way technology is supposed to work and the way enterprise software vendors establish trust in the marketplace," said Jim Routh, chief trust officer at Saviynt.
