Jump to content
  • Sign Up
×
×
  • Create New...

Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three critical

Pelican Press

By Pelican Press,
in World News

 Share

Recommended Posts

  • Diamond Member
Pelican Press Warlord

Pelican Press 0

Posted
  • Diamond Member
Posted

This is the hidden content, please

This is the hidden content, please
’s February 2025 Patch Tuesday corrects 57 bugs, three critical

This is the hidden content, please
followed up its massive January Patch Tuesday update containing fixes for 159 vulnerabilities with a more modest crop this month. This time, it released fixes for 57 new
This is the hidden content, please
in its
This is the hidden content, please
, three of which are critical.

Dustin Childs of the 

This is the hidden content, please
described one of the vulnerabilities as unprecedented in the wild. This is a Windows storage elevation of privilege (EOP) vulnerability,
This is the hidden content, please
.

In a blog post, Childs said: “This is … a type of bug we haven’t seen exploited publicly. The vulnerability allows an attacker to delete targeted files. How does this lead to privilege escalation? My colleague Simon Zuckerbraun

This is the hidden content, please
. While we’ve seen similar issues in the past, this does appear to be the first time the technique has been exploited in the wild. It’s also likely paired with a code execution bug to completely take over a system. Test and deploy this quickly.”

In Computer Weekly’s sister title SearchWindowsServer,

This is the hidden content, please
two new
This is the hidden content, please
vulnerabilities that
This is the hidden content, please
has fixed in this Patch Tuesday, including the EOP that Childs highlighted.

“The first new zero-day is a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability (CVE-2025-21418) rated important with a CVSS (

This is the hidden content, please
) score of 7.8. This bug affects all currently supported Windows desktop and server systems,” he wrote.

The second new zero-day is the storage EOP vulnerability (CVE-2025-21391) that Childs commented on, to which Walat added: “To exploit the vulnerability, the attacker only needs local access to the network with low privileges. If successful, the attacker can delete files on a system to

This is the hidden content, please
 and possibly perform other actions, such as elevating their privileges.”

Childs also picked out

This is the hidden content, please
, a Windows Lightweight Directory Access Protocol (LDAP)
This is the hidden content, please
vulnerability. “This vulnerability allows a remote, unauthenticated attacker to run their code on an affected system simply by sending a maliciously crafted request to the target,” he wrote. “Since there’s no user interaction involved, that makes this bug wormable between affected LDAP servers.
This is the hidden content, please
lists this as ‘exploitation likely’, so even though this may be unlikely, I would treat this as an impending exploitation. Test and deploy the patch quickly.”

In the CVE notes to this “critical” vulnerability, which has a CVSS rating of 8.1,

This is the hidden content, please
stated: “An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in a buffer overflow which could be leveraged to achieve remote code execution.”

There are also several

This is the hidden content, please
Excel bug fixes in this update, including
This is the hidden content, please
, an RCE vulnerability. “This is one of several Excel fixes where the Preview Pane is an attack vector, which is confusing as
This is the hidden content, please
also notes that user interaction is required,” said Childs. “They also note that multiple patches are required to address this vulnerability fully. This likely can be exploited either by opening a malicious Excel file or previewing a malicious attachment in
This is the hidden content, please
. Either way, make sure you get all the needed patches tested and deployed.”

This vulnerability is one of six Excel flaws that

This is the hidden content, please
corrected this month, in what proved to be a relatively light
This is the hidden content, please
.



This is the hidden content, please

#Microsofts #February #Patch #Tuesday #corrects #bugs #critical

This is the hidden content, please

This is the hidden content, please

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.

  I accept