
Microsoft has rolled out its February 2025 Patch Tuesday security updates, addressing 67 vulnerabilities across multiple products. This month’s patches include three critical and 53 important severity flaws, with fixes spanning Windows components, Microsoft Edge (Chromium-based), Windows LDAP, NTLM, DHCP Server, and more.
Notably, Microsoft has patched four zero-day vulnerabilities, including two actively exploited in attacks and two publicly disclosed before a fix was available.
This month, two zero-day vulnerabilities stand out due to their active exploitation:
- CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability – An attacker would only be able to delete targeted files on a system. This vulnerability does not allow disclosure of any confidential information, but it could allow an attacker to delete data, including data whose loss leaves the service unavailable.
- CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability – An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities Catalog, confirming their use in ongoing attacks. This designation makes them top priorities for patching. While specific details may be limited to prevent further exploitation, inclusion in the CISA catalog signals a significant threat.
The two flaws publicly disclosed before a fix was available are:
- CVE-2025-21377: NTLM Hash Disclosure Spoofing Vulnerability: This vulnerability could allow an attacker to steal a user’s NTLMv2 hash, a cryptographic representation of their password, which could then be used to impersonate the user.
- CVE-2025-21194: Microsoft Surface Security Feature Bypass Vulnerability: An attacker who has already gained access to a restricted network could exploit this vulnerability to bypass security features on Microsoft Surface devices.
Beyond the actively exploited vulnerabilities, other notable flaws were addressed:
- CVE-2025-21376: Windows LDAP Remote Code Execution Vulnerability: This vulnerability in the Lightweight Directory Access Protocol (LDAP), a crucial component for network authentication and directory services, could allow an unauthenticated attacker to execute arbitrary code. While exploitation requires winning a race condition, the potential impact of a successful attack on LDAP could be severe, potentially compromising entire networks.
- CVE-2025-21381: Microsoft Excel Remote Code Execution Vulnerability: This vulnerability in Microsoft Excel could allow attackers to execute code remotely. Given the widespread use of Excel, this vulnerability presents a significant risk, as malicious actors could potentially exploit it through crafted spreadsheet files.
Organizations and individuals should prioritize applying these updates to mitigate the risks posed by these and other identified vulnerabilities. Delaying updates can leave systems exposed to attacks, potentially leading to data breaches, system disruptions, and other damaging consequences.