A spoofing vulnerability exists when Azure Stack fails to validate certain requests. An attacker who successfully exploited the vulnerability could make requests to internal Azure Stack resources.
An attacker could exploit the vulnerability by sending a specially crafted request to the Azure Stack user portal.
The update addresses the vulnerability by changing how Azure Stack handles certain requests.