On the latest Patch Tuesday, Microsoft rolled out critical updates to address 63 security vulnerabilities across its software products. Among these, two vulnerabilities have emerged as actively exploited in the wild, highlighting the urgency for users and organizations to apply these patches promptly.
Overview of Vulnerabilities
The recent update categorizes the vulnerabilities as follows:
- Critical: 3
- Important: 57
- Moderate: 1
- Low: 2
This release also includes 23 vulnerabilities fixed in Microsoft’s Chromium-based Edge browser since last month’s update. This demonstrates Microsoft’s ongoing commitment to security across its platforms.
Actively Exploited Vulnerabilities
CVE-2025-21391: Microsoft Windows Storage Elevation of Privilege Vulnerability
CVE-2025-21391 has a CVSS score of 7.1. This vulnerability allows attackers to delete targeted files on a system. Although it does not enable the disclosure of confidential information, the potential for data deletion could disrupt services. Mike Walters, president and co-founder of Action1, emphasized that attackers could exploit this vulnerability alongside other flaws. This could enable them to escalate privileges and erase critical forensic evidence, complicating recovery efforts.
CVE-2025-21418: Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-21418 carries a CVSS score of 7.8 and presents a privilege escalation risk within the AFD.sys component. This vulnerability could allow attackers to gain SYSTEM privileges, posing a significant threat to system integrity. Notably, a similar vulnerability (CVE-2024-38193) was previously weaponized by the North Korea-linked Lazarus Group, raising concerns about ongoing exploitation.
Implications of Exploitation
The exploitation of these vulnerabilities is particularly concerning because they leverage flaws in native Windows drivers. This eliminates the need for attackers to introduce additional vulnerable drivers into target environments. While it remains unclear if CVE-2025-21418 is linked to the Lazarus Group, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This mandates federal agencies to implement the patches by March 4, 2025.
Other Noteworthy Vulnerabilities
Among the other critical vulnerabilities addressed in this update, CVE-2025-21198 stands out with a CVSS score of 9.0. This remote code execution (RCE) vulnerability in the High Performance Compute (HPC) Pack could allow attackers to execute arbitrary code on connected clusters by sending specially crafted HTTPS requests.
Additionally, CVE-2025-21376, another RCE vulnerability affecting Windows Lightweight Directory Access Protocol (LDAP), has a CVSS score of 8.1. Successful exploitation of this flaw requires navigating a race condition. However, given LDAP’s integral role in Active Directory, a compromise could facilitate lateral movement and privilege escalation within enterprise networks.
