Microsoft's February 2025 Patch Tuesday corrects 57 bugs, three critical
www.computerweekly.com
Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are critical

By Brian McKenna, Enterprise Applications Editor
Published: 12 Feb 2025 16:00

Microsoft followed up its massive January Patch Tuesday update containing fixes for 159 vulnerabilities with a more modest crop this month. This time, it released fixes for 57 new Common Vulnerabilities and Exposures (CVEs) in its update, three of which are critical.

Dustin Childs of the Zero Day Initiative described one of the vulnerabilities as unprecedented in the wild. This is a Windows storage elevation of privilege (EOP) vulnerability, CVE-2025-21391.

In a blog post, Childs said: "This is a type of bug we haven't seen exploited publicly. The vulnerability allows an attacker to delete targeted files. How does this lead to privilege escalation? My colleague Simon Zuckerbraun details the technique here. While we've seen similar issues in the past, this does appear to be the first time the technique has been exploited in the wild. It's also likely paired with a code execution bug to completely take over a system. Test and deploy this quickly."

In Computer Weekly's sister title SearchWindowsServer, Tom Walat picked out two new zero-day vulnerabilities that Microsoft has fixed in this Patch Tuesday, including the EOP that Childs highlighted.

"The first new zero-day is a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability (CVE-2025-21418) rated important with a CVSS (Common Vulnerability Scoring System) score of 7.8. This bug affects all currently supported Windows desktop and server systems," he wrote.

The second new zero-day is the storage EOP vulnerability (CVE-2025-21391) that Childs commented on, to which Walat added: "To exploit the vulnerability, the attacker only needs local access to the network with low privileges. If successful, the attacker can delete files on a system to cause service disruptions and possibly perform other actions, such as elevating their privileges."

Childs also picked out CVE-2025-21376, a Windows Lightweight Directory Access Protocol (LDAP) remote code execution (RCE) vulnerability. "This vulnerability allows a remote, unauthenticated attacker to run their code on an affected system simply by sending a maliciously crafted request to the target," he wrote. "Since there's no user interaction involved, that makes this bug wormable between affected LDAP servers. Microsoft lists this as exploitation likely, so even though this may be unlikely, I would treat this as an impending exploitation. Test and deploy the patch quickly."

In the CVE notes to this critical vulnerability, which has a CVSS rating of 8.1, Microsoft stated: "An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in a buffer overflow which could be leveraged to achieve remote code execution."

There are also several Microsoft Excel bug fixes in this update, including CVE-2025-21387, an RCE vulnerability. "This is one of several Excel fixes where the Preview Pane is an attack vector, which is confusing as Microsoft also notes that user interaction is required," said Childs. "They also note that multiple patches are required to address this vulnerability fully. This likely can be exploited either by opening a malicious Excel file or previewing a malicious attachment in Outlook. Either way, make sure you get all the needed patches tested and deployed."

This vulnerability is one of six Excel flaws that Microsoft corrected this month, in what proved to be a relatively light Patch Tuesday.

Read more about Patch Tuesday

February 2025: Microsoft plugs two zero-days for February Patch Tuesday.
January 2025: The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity, including eight zero-day flaws.
December 2024: Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol.
November 2024: High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November's Patch Tuesday update.
October 2024: Stand-out vulnerabilities in Microsoft's latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform.
September 2024: Four critical remote code execution bugs in Windows and three critical elevated privileges vulnerabilities will keep admins busy.
August 2024: Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update.
July 2024: Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention.
June 2024: An RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address in Microsoft's latest Patch Tuesday update.
May 2024: A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention.
April 2024: Support for the Windows Server 2008 OS ended in 2020, but four years on and there's a live exploit of a security flaw that impacts all Windows users.
March 2024: Two critical vulnerabilities in Windows Hyper-V stand out on an otherwise unremarkable Patch Tuesday.
February 2024: Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among more than 70 issues.