In a nutshell: Critical vulnerabilities in Azure HorizonDB, Exchange Online, 365 Copilot, and Edge Copilot Chat allow privilege escalation and arbitrary code execution.
The German Federal Office for Information Security warns of critical vulnerabilities in multiple Microsoft cloud services that attackers can exploit for privilege escalation, code execution, and data disclosure.
The BSI points to multiple security gaps in Microsoft cloud services identified in Azure HorizonDB, Exchange Online, Microsoft 365 Copilot, and Copilot Chat in Edge. An attacker can exploit these vulnerabilities to elevate their privileges.
Upon successful exploitation, attackers can execute arbitrary code and access sensitive information. The vulnerabilities affect core services in cloud infrastructures that are widely deployed in enterprise environments, particularly among large organizations in the DACH region.
CISOs should identify affected systems, deploy available patches, and monitor for indicators of exploitation (unexpected privilege elevation, suspicious code execution in cloud sessions). Retrieve the complete vulnerability list and patch status in the BSI Advisory WID-SEC-2026-1792.
Source: wid.cert-bund.de · Published June 16, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.