![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDaQuymhyphenhyphenOscBP0GKSorLpa3eQJ_pPJlWRW9kLhkDgFKPV1fri6_FAYo04SMEi8Tb3sr1Y_kfhpODNsI6MiyISJo1wONUdO5SApAP14v3uEASBkZnHrTyLRXrcMOXvps_kKG057X9DxAN3Pj-GPvs5rRNbNX2LZ6_TB4i_4S6jHMePmz5DS-wsn1tkvqY6/s728-rw-e365/windows-patch-update.jpg)
On Tuesday, Microsoft released fixes for 63 security flaws affecting its software products, including two vulnerabilities that it said are being actively exploited in the wild.
Of the 63 vulnerabilities, three are rated critical, 57 are rated important, one is medium, and two are rated low in severity. This is in addition to the 23 flaws addressed in the Chromium-based Edge browser since the release of last month's Patch Tuesday update.
The update is notable for fixing two actively exploited flaws:
- CVE-2025-21391 (CVSS score: 7.1) – Windows Storage Elevation of Privilege Vulnerability
- CVE-2025-21418 (CVSS score: 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
“Attackers will only be able to delete targeted files on the system,” Microsoft said in an alert on CVE-2025-21391. “This vulnerability does not allow disclosure of confidential information, but it would prevent an attacker from deleting data that could contain data that would result from the service.”
Mike Walters, president and co-founder of Action1, pointed out that the vulnerability could be chained with other flaws to escalate privileges and take subsequent actions that complicate recovery efforts and let threat actors cover their tracks by removing important forensic artifacts.
Meanwhile, CVE-2025-21418 concerns a case of privilege escalation in AFD.sys that can be exploited to achieve SYSTEM privileges.
It is worth noting that a similar flaw in the same component (CVE-2024-38193) was revealed last August to have been weaponized by the North Korea-linked Lazarus Group. In February 2024, the tech giant also patched a Windows kernel privilege escalation flaw (CVE-2024-21338) affecting the AppLocker driver (appid.sys) that was also exploited by hacking crews.
These attack chains stand out because they go beyond a traditional Bring Your Own Vulnerable Driver (BYOVD) attack: by taking advantage of a security flaw in a native Windows driver, they remove the need to deploy other drivers into the target environment.
Currently, it is unknown whether the abuse of CVE-2025-21418 is also linked to the Lazarus Group. The US Cybersecurity and Infrastructure Security Agency (CISA) has added both flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by March 4, 2025.
The most serious flaw Microsoft addresses in this month's update is CVE-2025-21198 (CVSS score: 9.0), a remote code execution (RCE) vulnerability in the High Performance Compute (HPC) Pack.
“Attackers can take advantage of this vulnerability by sending a specially crafted HTTPS request to the target head node or Linux compute node, granting the ability to perform RCE on other clusters or nodes connected to the target head node,” Microsoft said.
Also worth mentioning is another RCE vulnerability affecting Windows Lightweight Directory Access Protocol (LDAP) that allows an attacker to send a specially crafted request and execute arbitrary code (CVE-2025-21376, CVSS score: 8.1). However, successful exploitation of the flaw requires the threat actor to win a race condition.
“Given the integrity of LDAP for Active Directory, which supports authentication and access control in an enterprise environment, compromise can lead to lateral movements, privilege escalations, and widespread network violations.”
Elsewhere, this update also resolves an NTLMv2 hash disclosure vulnerability (CVE-2025-21377, CVSS score: 6.5).
Software patches from other vendors
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks, rectifying several vulnerabilities, including -.