Full Report
February Patch Tuesday sees Microsoft fix four zero-days, including two under active exploitation
Analysis Summary
This summary is based on the context provided, focusing only on the identifiable vulnerability details extrapolated from the truncated article snippet.
# Vulnerability: Actively Exploited Windows Storage EoP Flaw (February 2025)
## CVE Details
- CVE ID: CVE-2025-21391
- CVSS Score: 7.1 (High, inferred from context describing significant integrity/availability impact)
- CWE: Not explicitly stated, but related to arbitrary file/folder deletion.
## Affected Systems
- Products: Windows (Operating System)
- Versions: Not specified in the provided excerpt.
- Configurations: Affects systems where file/folder deletion and recreation can be chained with subsequent execution steps.
## Vulnerability Description
CVE-2025-21391 is an Elevation of Privilege (EoP) vulnerability within the Windows Storage component. The flaw allows an attacker to perform arbitrary file/folder deletion. The exploitation chain involves deleting a crucial system item, recreating that item with weak permissions controlled by the attacker, and subsequently tricking Windows into executing attacker-controlled content, leading to system-level access.
## Exploitation
- Status: Currently under active exploitation.
- Complexity: Medium (Requires chaining the deletion/recreation step with a subsequent execution path).
- Attack Vector: Likely Local or via an initial Remote Code Execution (RCE) vulnerability to execute the deletion payload.
## Impact
- Confidentiality: No direct impact known (Stated: "It poses no threat to confidentiality").
- Integrity: High impact (Can strike hard, potentially crippling servers by deleting key data).
- Availability: High impact (Can cripple servers if key data is removed).
## Remediation
### Patches
- Microsoft released security updates for this CVE as part of its February Patch Tuesday cycle. (Specific patch version numbers are not detailed in the text.)
### Workarounds
- No specific workarounds mentioned in the excerpt.
## Detection
- Detection methods focus on monitoring for the specific chain of operations: arbitrary file/folder deletion, subsequent recreation of system paths with modified permissions, and later execution from those paths.
## References
- Vendor Advisories: Microsoft Security Update (February 2025 Patch Tuesday)
- Relevant Links: infosecurity-magazine dot com/news/microsoft-fixes-two-actively/