ION Advisory: Microsoft’s February 2025 Patch Tuesday

Microsoft’s February 2025 Patch Tuesday update covers 141 vulnerabilities in Microsoft products. Of these, 4 are rated ‘critical’ and 2 are being exploited.

Active Exploitation

The following critical vulnerabilities are already being actively exploited.

  • CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability – An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
  • CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability – An attacker would only be able to delete targeted files on a system.

Critical Vulnerabilities

The following critical vulnerabilities are not yet known to be actively exploited or publicly disclosed.

  • CVE-2025-21179: DHCP Client Service Remote Code Execution Vulnerability – The attacker must have network access to perform a machine-in-the-middle (MITM) attack using this vulnerability.
  • CVE-2025-21177: Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability – Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows privilege escalation for an authorized attacker.
  • CVE-2025-21381: Microsoft Excel Arbitrary Code Execution Vulnerability – The Preview Pane is vulnerable to arbitrary code execution.
  • CVE-2025-21376: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability – Successful exploitation of a vulnerable LDAP server by an unauthenticated attacker could result in a buffer overflow, which could be leveraged to achieve remote code execution.

Publicly Disclosed Vulnerabilities

The following vulnerabilities have been publicly disclosed, but are not yet known to be actively exploited.

  • CVE-2025-21194: Microsoft Surface Security Feature Bypass Vulnerability – Successful exploitation of this vulnerability may result in a UEFI bypass by an attacker who has network access; however, it requires the user to first reboot their machine.
  • CVE-2025-21377: NTLM Hash Disclosure Spoofing Vulnerability – This vulnerability discloses a user’s NTLMv2 hash to the attacker, who could use this to authenticate as the user, with minimal interaction.

Countermeasures and Patches

  • Apply patches as soon as possible, after appropriate testing.

References

SANS Report: Microsoft February 2025 Patch Tuesday – SANS Internet Storm Center

Patch-A-Palooza: PatchaPalooza