Skip to main content

Scheduled updates for Microsoft products, including security updates for 63 vulnerabilities, of which two are reported as exploited

Threat ID:CC-4618
Threat Severity:Medium
Published:12 February 2025 12:04 PM

Summary

Scheduled updates for Microsoft products, including security updates for 63 vulnerabilities, of which two are reported as exploited

Affected platforms

The following platforms are known to be affected:

Microsoft Windows
Microsoft Windows Server
Microsoft Office

The following platforms are also known to be affected:

  • Microsoft Dynamics 365 Sales
  • Active Directory Domain Services
  • Azure Network Watcher
  • Microsoft AutoUpdate (MAU)
  • Microsoft Digest Authentication
  • Microsoft Edge (Chromium-based)
  • Microsoft Edge for iOS and Android
  • Microsoft High Performance Compute Pack (HPC) Linux Node Agent
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft PC Manager
  • Microsoft Streaming Service
  • Microsoft Surface
  • Outlook for Android
  • Visual Studio
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows CoreMessaging
  • Windows DHCP Client
  • Windows DHCP Server
  • Windows Disk Cleanup Tool
  • Windows DWM Core Library
  • Windows Installer
  • Windows Internet Connection Sharing (ICS)
  • Windows Kerberos
  • Windows Kernel
  • Windows LDAP - Lightweight Directory Access Protocol
  • Windows Message Queuing
  • Windows NTLM
  • Windows Remote Desktop Services
  • Windows Resilient File System (ReFS) Deduplication Service
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Setup Files Cleanup
  • Windows Storage
  • Windows Telephony Server
  • Windows Telephony Service
  • Windows Update Stack
  • Windows Win32 Kernel Subsystem

Threat details

Exploitation of CVE-2025-21418 and CVE-2025-21391

Microsoft has stated that exploitation of the vulnerabilities CVE-2025-21418 and CVE-2025-21391 has been observed. NHS England's National CSOC considers further exploitation as highly likely.


Introduction

Microsoft has released security updates to address 63 vulnerabilities in Microsoft products. Six vulnerabilities are outlined below, of which two are exploited and four are considered critical.



Vulnerability details

  • CVE-2025-21418 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-21418 is a 'heap-based buffer overflow' vulnerability in Windows and Windows Server with a CVSSv3 score of 7.8. Successful exploitation could allow an attacker to escalate privileges and gain SYSTEM privileges. Microsoft reports that this vulnerability is under exploitation.

  • CVE-2025-21391 - Windows Storage Elevation of Privilege Vulnerability

CVE-2025-21391 is a 'link following' vulnerability in Windows and Windows Server with a CVSSv3 score of 7.1. Successful exploitation could allow an attacker to escalate privileges and gain the ability to delete targeted files on a system. Microsoft reports that this vulnerability is under exploitation.

  • CVE-2025-21177 - Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability

CVE-2025-21177 is a critical 'server-side request forgery’ vulnerability in Microsoft Dynamics 365 Sales with a CVSSv3 score of 8.7. Successful exploitation could allow a remote unauthenticated attacker to escalate privileges. Microsoft reports that this vulnerability has already been fully mitigated and no action from users is required.

  • CVE-2025-21381 - Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21381 is a critical ’untrusted pointer dereference' vulnerability in Microsoft Excel, Microsoft Office, Microsoft 365 Apps, and Office Online Server with a CVSSv3 score of 7.8. The Preview Pane is considered an attack vector. Successful exploitation could allow an attacker to execute arbitrary code.

  • CVE-2025-21379 - DHCP Client Service Remote Code Execution Vulnerability

CVE-2025-21379 is a critical ‘use after free’ vulnerability in Windows 11 and Windows Server 2025 with a CVSSv3 score of 7.1. Successful exploitation could allow an attacker to perform a machine-in-the-middle attack, leading to remote code execution

  • CVE-2025-21376 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2025-21376 is a critical vulnerability in Windows and Windows Server Lightweight Directory Access Protocol with a CVSSv3 score of 8.1. Successful exploitation could result in a buffer overflow, which a unauthenticated attacker could leverage to achieve remote code execution.

Remediation advice

Affected organisations are encouraged to review Microsoft's February 2025 Security Updates and apply the relevant updates as soon as practicable.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2025-21418Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
StatusPublished
CVE-2025-21391Windows Storage Elevation of Privilege Vulnerability
StatusPublished
CVE-2025-21177Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.
StatusPublished
CVE-2025-21381Microsoft Excel Remote Code Execution Vulnerability
StatusPublished
CVE-2025-21379DHCP Client Service Remote Code Execution Vulnerability
StatusPublished
CVE-2025-21376Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Last edited: 12 February 2025 12:04 pm

Back to top