The Microsoft Azure Sphere allows a local attacker to run arbitrary codes on the system. The attack vector of the vulnerability is local, and an attacker can exploit the vulnerability using a specially-crafted program that executes arbitrary codes on the victim’s server.
The Microsoft Azure DevOps Server vulnerability allows an attacker to conduct spoofing attacks on the victim’s system. The vulnerability could be exploited to cause a negative impact on integrity. The collection settings, with the process template function, allows uploading of a ZIP file on the system.
Download the latest patches for the affected products at https://docs.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020?view=azure-devops&branch=releasenotes%2Fmarchpatch#azure-devops-server-202001-patch-2-release-date-march-9-202