Pierluigi Paganini
February 12, 2025
Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure, Visual Studio, and Remote Desktop Services. Two of these vulnerabilities are listed as publicly known, and two are actively exploited in the wild.
Three of these vulnerabilities are rated Critical, 53 are rated Important, and one is rated Moderate in severity.
The actively exploited vulnerabilities are a Windows Storage Elevation of Privilege Vulnerability (CVE-2025-21391) and Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2025-21418).
CVE-2025-21391 is a Windows Storage privilege escalation flaw exploited in the wild. It allows attackers to delete files and may be paired with code execution for full system takeover.
“An attacker would only be able to delete targeted files on a system.” reads the advisory. “This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.”
CVE-2025-21418 is a Windows Ancillary Function Driver for WinSock privilege escalation flaw. It could allow an authenticated user to run a crafted program to gain SYSTEM privileges, likely paired with code execution for full system takeover.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” reads the advisory.
The other zero-day flaws labeled as publicly disclosed:
The full list of flaws addressed by Microsoft for Microsoft Patch Tuesday security updates for February 2025 is available here.
“After a couple of record-breaking releases, this volume of fixes is more in line with expectations. Let’s hope this trend, rather than monster releases, remains the norm for 2025.” states ZDI.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Microsoft Patch Tuesday)
