Full Report
Microsoft’s Patch Tuesday for February 2025 fixes four zero-day vulnerabilities, including two under active attack, plus another eight flaws judged to be at high risk of attack. In all, the Patch Tuesday February 2025 release note lists 63 Microsoft CVEs and four non-Microsoft CVEs, three of which are for Chromium-based Microsoft Edge. The highest-rated vulnerability, CVE-2025-21198, a 9.0-severity Microsoft High Performance Compute (HPC) Pack Remote Code Execution vulnerability, was judged to be at lower risk for exploitation because it requires network access. After January’s record 159 vulnerabilities, which included eight zero days and another 17 vulnerabilities at risk of exploitation, the February 2025 Patch Tuesday list seemed like something of a break in comparison. Microsoft Zero-Days Under Attack The actively exploited vulnerabilities include CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, and CVE-2025-21418, Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. CVE-2025-21391 is a 7.1-rated Link Following vulnerability that doesn’t allow disclosure of confidential information, but Microsoft said an attacker could delete data that that results in the service being unavailable. No further information was released on the vulnerability. CVE-2025-21418 is a 7.8-severity Heap-based Buffer Overflow vulnerability that could allow an attacker to gain system privileges. It was disclosed anonymously. The other zero days revealed by Microsoft include CVE-2025-21194, a 7.1-rated Microsoft Surface Security Feature Bypass vulnerability that requires multiple conditions for exploitation; and CVE-2025-21377, a 6.5-severity NTLM Hash Disclosure Spoofing vulnerability. The Surface vulnerability was rated as less likely to be exploited, while the NTLM flaw was rated “Exploitation More Likely.” Patch Tuesday February 2025 Vulnerabilities at High Risk of Attack In addition to the four zero days, an additional eight vulnerabilities were rated as “Exploitation More Likely.” The eight range in severity from 7.0 to 8.1 on the CVSS v3.1 scoring system. They include: CVE-2025-21419, a Windows Setup Files Cleanup Elevation of Privilege vulnerability CVE-2025-21420, a Windows Disk Cleanup Tool Elevation of Privilege vulnerability CVE-2025-21400, an 8.0-rated Microsoft SharePoint Server Remote Code Execution vulnerability CVE-2025-21414, CVE-2025-21184, and CVE-2025-21358, all of which are Windows Core Messaging Elevation of Privileges vulnerabilities that could allow an attacker to gain system privileges CVE-2025-21367, a Windows Win32 Kernel Subsystem Elevation of Privilege vulnerability CVE-2025-21376, an 8.1-rated Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution vulnerability. Other Vendors Issuing Patch Tuesday Updates Patch Tuesday isn’t just for Microsoft, of course, as several other vendors also released updates. A partial list includes: Adobe Apple AMD Android Fortinet Ivanti SAP
Analysis Summary
The provided article aggregates information about the February 2025 Patch Tuesday, focusing heavily on Microsoft updates and notable zero-days patched by other vendors like Apple. Since the article lists multiple CVEs without a detailed technical breakdown for each, this summary consolidates the most salient, actionable information extracted regarding known vulnerabilities and their patching status.
# Vulnerability: February 2025 Patch Roundup (Microsoft and Others)
## CVE Details
The summary identifies several disclosed vulnerabilities. Two critical items often receive immediate attention:
- **CVE ID:** CVE-2025-24200 (Apple iOS Zero-Day)
- **CVE ID:** CVE-2025-21376 (Windows LDAP RCE)
- **CVE ID:** CVE-2025-21400 (SharePoint RCE)
- **CVE IDs:** CVE-2025-21419, CVE-2025-21420, CVE-2025-21414, CVE-2025-21184, CVE-2025-21358 (Various Windows EoPs)
- **CVSS Score:** 8.0 (for CVE-2025-21400)
- **CVSS Score:** 8.1 (for CVE-2025-21376)
- **CWE:** Not explicitly detailed for all CVEs, but categories include Elevation of Privilege (EoP) and Remote Code Execution (RCE).
## Affected Systems
- **Products (Microsoft Focus):** Windows (various components including Setup Files Cleanup, Disk Cleanup Tool, Core Messaging, Win32 Kernel Subsystem, LDAP), Microsoft SharePoint Server.
- **Products (Other Vendors):** Apple iOS, Adobe products, Android, Fortinet products, Ivanti products, SAP products.
- **Versions:** Not specified in detail for individual CVEs, except generally covered under the February 2025 security updates released by the respective vendors.
- **Configurations:** Varies by CVE (e.g., CVE-2025-21400/21376 relate to specific server/OS components).
## Vulnerability Description
The report highlights two zero-day vulnerabilities actively being exploited in the wild that were patched in the February 2025 cycle (one being CVE-2025-24200 for Apple, implied for a Microsoft CVE).
Specific Microsoft flaws include:
1. **Elevation of Privilege (EoP):** Several vulnerabilities (e.g., CVE-2025-21419, -21420, -21414, -21184, -21358) allowing a low-privileged attacker to gain elevated system privileges through components like Windows Setup Files Cleanup, Disk Cleanup Tool, Core Messaging, and the Win32 Kernel Subsystem.
2. **Remote Code Execution (RCE):** A critical flaw (potentially CVE-2025-21376) in the Windows LDAP component, and another RCE in Microsoft SharePoint Server (CVE-2025-21400).
## Exploitation
- **Status:** **Actively Exploited in the Wild** (at least two zero-days total in the February release cycle; CVE-2025-24200 is confirmed as exploited).
- **Complexity:** Likely **Low** for the zero-days, given active exploitation prior to patching. Specific complexity scores are not provided for the identified Microsoft CVEs.
- **Attack Vector:** Varies. RCE vulnerabilities often allow **Network** exploitation, while EoP flaws usually require prior **Local** access or another vector to initiate.
## Impact
Impact levels are generally high based on the vulnerability types associated with the CVEs listed:
- **Confidentiality:** High (Potential information disclosure via RCE).
- **Integrity:** High (Ability to modify system settings or files via RCE/EoP).
- **Availability:** High (System modification or access control bypass leading to disruption).
## Remediation
### Patches
All vendors mentioned (Microsoft, Apple, Adobe, Android, Fortinet, Ivanti, SAP) have released updates corresponding to the noted vulnerabilities in their February 2025 advisories.
- **Microsoft:** Updates addressing all listed CVEs (e.g., CVE-2025-21376, CVE-2025-21400, etc.) are available via the February 2025 Patch Tuesday release.
- **Apple:** Emergency update released for CVE-2025-24200.
### Workarounds
No specific workarounds are detailed in the summary for the individual CVEs, but given the critical nature (especially for exploited zero-days), immediate patching is the primary defense.
## Detection
- **Indicators of Compromise (IoCs):** Not specified by specific hash, file signature, or network pattern within this summary.
- **Detection methods and tools:** Monitoring for unusual activity associated with the affected components (LDAP, Kernel, SharePoint service accounts). For exploited zero-days, behavior analysis tools are crucial until platform-specific signatures are deployed.
## References
- Microsoft Security Response Center (MSRC) Update Guide for February 2025 (URLs provided in article are defanged below).
- Apple Advisory regarding CVE-2025-24200.
- Adobe Security Bulletins.
- Android Security Bulletins for February 2025.
- Fortinet PSIRT advisories.
* [Vendor advisories (Microsoft)](https://msrc-microsoft-com/update-guide/en-US)
* [Vendor advisories (Apple)](https://thecyberexpress-com/apple-patches-cve-2025-24200/)