ChatGPT

Microsoft has released its February 2025 Patch Tuesday security updates, addressing a total of 55 vulnerabilities across various Windows products. Among these, 3 are classified as critical, and 4 are zero-day vulnerabilities, with 2 actively exploited in the wild.

Critical Vulnerabilities

  • CVE-2025-21376: Windows LDAP Remote Code Execution (RCE)
      • Affected: Windows Lightweight Directory Access Protocol (LDAP)
      • Exploitation requires a race condition via a specially crafted request.
      • Could lead to arbitrary code execution in the Local Security Authority Subsystem Service (lsass.exe).
      • CVSS Score: 8.1 (More likely to be exploited).
  • CVE-2025-21379: Windows DHCP Client RCE
      • Affected: Windows DHCP Client Service.
      • Exploitation could allow an attacker to execute arbitrary code via network packet manipulation.
      • CVSS Score: 7.1 (Less likely to be exploited).
  • CVE-2025-21177: Microsoft Dynamics 365 SSRF Privilege Escalation
      • Allows an authorized attacker to elevate privileges over a network.
      • Impact: Can be used to gain unauthorized access to sensitive data.

Zero-Day Vulnerabilities (Actively Exploited)

  • CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege
      • Impact: Allows local, authenticated attackers to gain SYSTEM-level privileges.
      • Status: Exploited in the wild.
  • CVE-2025-21391: Windows Storage Privilege Escalation
      • Impact: Attackers can delete system files, potentially causing service disruptions.
      • Status: Exploited in the wild.
  • CVE-2025-21194: Microsoft Surface Security Feature Bypass
      • Impact: Allows an attacker to bypass security protections, requiring network access and user interaction.
      • Status: Publicly disclosed before patch availability.
  • CVE-2025-21377: NTLMv2 Hash Spoofing Vulnerability
      • Impact: Attackers could steal NTLMv2 authentication hashes.
      • Status: Publicly disclosed before patch availability.

Additional Notable Vulnerabilities

  • CVE-2025-21381: Microsoft Excel RCE
      • Exploitable via the Preview Pane in Excel.
      • Risk: Could allow remote execution of malicious files.
  • CVE-2025-21368 & CVE-2025-21369: Windows Authentication RCE
      • Allows remote code execution by sending malicious logon requests to domain controllers.
      • Risk: Any authenticated attacker can trigger these without needing elevated privileges.

Recommendations

Microsoft strongly advises users to install the latest security updates immediately to mitigate these vulnerabilities. Organizations should also:
  • Enable automatic updates to ensure patches are applied as soon as possible.
  • Review Microsoft's official Security Update Guide for further details on affected versions.
  • Monitor for unusual activity in systems where these vulnerabilities could be exploited.
For more details, visit https://msrc.microsoft.com/update-guide.
 
