Full Report
The company’s monthly Patch Tuesday update comes with more than two-thirds of the patches closing high-severity flaws. The post Microsoft fixes 63 vulnerabilities, including 2 zero-days appeared first on CyberScoop.
Analysis Summary
Based on the provided context, here is the summary of the critical vulnerabilities disclosed by Microsoft:
# Vulnerability: Microsoft February 2025 Patch: Two Zero-Days Disclosed
## CVE Details
- CVE ID: CVE-2025-21391, CVE-2025-21418 (and 61 other vulnerabilities)
- CVSS Score: 7.1 (for CVE-2025-21391), 7.8 (for CVE-2025-21418). Many others are high-severity.
- CWE: Not explicitly listed, but CVE-2025-21391 is an improper link resolution before file access defect.
## Affected Systems
- Products: Windows CoreMessaging, Windows Storage, Windows Telephony Service, Windows Ancillary Function Driver for WinSock, Microsoft Excel, Microsoft Office, Microsoft Dynamics 365 Sales, and others.
- Versions: General Windows systems are at risk due to the ubiquity of the affected components. Specific vulnerable versions are not detailed beyond the general product lines.
- Configurations: The flaws impact those relying on the widely used Windows Storage and Windows Ancillary Function Driver for foundational networking.
## Vulnerability Description
Microsoft addressed 63 vulnerabilities in total, with over two-thirds rated as high-severity. Two vulnerabilities are confirmed to be zero-days being actively exploited:
1. **CVE-2025-21391 (Windows Storage):** An improper link resolution before file access vulnerability. This flaw allows an attacker to **delete targeted files** on a system.
2. **CVE-2025-21418 (Windows Ancillary Function Driver for WinSock):** A heap-based overflow vulnerability. This flaw allows an attacker to gain **system privileges (Local Privilege Escalation)**.
## Exploitation
- Status: **Exploited in the wild** (for both CVE-2025-21391 and CVE-2025-21418). Microsoft designated nine vulnerabilities as "more likely" to be exploited.
- Complexity: Low (for CVE-2025-21418, specifically noted for low attack complexity and low privilege requirements).
- Attack Vector: Not specified, but privilege escalation and file deletion suggest **Local** or **Network** access depending on the initial vector used to chain exploits.
## Impact
- Confidentiality: Potential risk if CVE-2025-21391 is combined with other vulnerabilities to achieve privilege escalation. (CVE-2025-21391 itself does not put confidential data at risk).
- Integrity: High impact for CVE-2025-21391 (file deletion) and CVE-2025-21418 (system privileges).
- Availability: High impact for CVE-2025-21391, as data deletion could render services inoperable.
## Remediation
### Patches
- Patches are available as part of Microsoft's **February 2025 Patch Tuesday update**. Specific patch release information for individual products is contained within the referenced MSRC guide.
### Workarounds
- The context does not list specific workarounds, prioritizing immediate patching due to active exploitation.
## Detection
- **Indicators of Compromise (IOCs):** Not explicitly detailed in the provided text.
- **Detection methods and tools:** Organizations must monitor for anomalies related to file deletion operations involving system files (for CVE-2025-21391) and unusual process execution or privilege escalation attempts originating from system drivers (for CVE-2025-21418). Prioritizing patching of CVE-2025-21418 is critical due to its low complexity.
## References
- Vendor Advisory: [msrc.microsoft.com/update-guide/releaseNote/2025-Feb](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21391) (Defanged)
- Vendor Advisory: [msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21418](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21418) (Defanged)