Patch Tuesday Vulnerability Report for February 2025
February 12, 2025
By Ravie Lakshmanan
Microsoft has released a series of security patches to address 63 vulnerabilities in its software products, including two zero-day flaws that have been actively exploited in the wild.
Vulnerability Breakdown:
- Critical (3):
  - CVE-2025-21391 (CVSS score: 7.1) – Windows Storage Elevation of Privilege Vulnerability: this flaw allows an attacker to delete targeted files on a system, but it does not allow disclosure of confidential information.
  - Undisclosed vulnerability in ‘svchost.exe’; review the earlier KB article for details.
  - CVE-2025-21418 (CVSS score: 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability: this flaw enables privilege escalation through AFD.sys and could allow an attacker to obtain SYSTEM privileges.
Severity and Exploitation:
- Moderate (1):
  - CVE-2025-21395
- Low (2):
  - CVE-2025-21396
Impact on Current and Historical Systems:
- The North Korea-linked Lazarus Group was associated with weaponizing a similar flaw in the same AFD.sys component (CVE-2024-38193), which Microsoft patched in August 2024. That exploit specifically targeted Microsoft Windows systems.
- Microsoft also acknowledged a previously disclosed risk involving the AppLocker driver (appid.sys), CVE-2024-21338, a Windows kernel privilege-escalation flaw that was already being exploited by the time Microsoft released its fix and that is referenced again in this month’s Patch Tuesday update.
- Gen Digital had reported on the vulnerabilities disclosed by Microsoft before they were recognized as being exploited.
Situational Awareness:
- Microsoft acknowledged the need to apply fixes for the vulnerabilities listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog, urging government agencies and other entities to commit to patching their systems by the March 4, 2025 deadline and to prioritize the vulnerabilities with the broadest potential impact.
Microsoft’s More Serious Flaws:
- CVE-2025-21198: a remote code execution (RCE) vulnerability in the High Performance Compute (HPC) Pack that could allow code execution on systems running the affected package.
- CVE-2025-21376: an RCE vulnerability affecting Windows Lightweight Directory Access Protocol (LDAP); an attacker who sends specially crafted requests could trigger a race condition and execute arbitrary code on individual systems.
cybersecurity assertions," said Ben McCarthy, lead cybersecurity engineer at Immersive Labs.