On February 12, 2025, it was reported that various versions of Windows and Windows Server are under attack by unknown hackers. System administrators are advised to ensure that Windows Update is enabled and the latest patches are installed to safeguard against these attacks.
Overview of Attacks on Windows
Both Windows 10 and 11, along with current and older server versions, are vulnerable. Attackers are exploiting a major vulnerability tracked as CVE-2025-21418 and categorized as "high." When attackers gain access through this vulnerability, they can fully compromise the affected PCs.
In addition, another critical vulnerability, CVE-2025-21391, also rated "high," allows attackers to delete files. While Microsoft asserts that this doesn’t enable access to confidential data, it disrupts the functionality of certain services.
Additional Vulnerabilities
There are two other publicly known vulnerabilities that raise concerns:
- The first vulnerability, CVE-2025-21194, affects various Surface models. If exploited, it enables attackers to bypass security mechanisms in the UEFI to target the hypervisor and kernel. Victims must take specific actions, including restarting their devices, for an attack to succeed.
- The second vulnerability, CVE-2025-21377, poses a risk to Windows, permitting attackers to access NTLMv2 hashes if a victim clicks on a malicious file.
Most of the remaining vulnerabilities are classified at the "high" threat level and offer attackers pathways to gain elevated user rights across several Microsoft services, including Azure and Dynamics 365, or to execute harmful code in Excel.
Further details on all vulnerabilities addressed during this patch day can be found in Microsoft’s Security Update Guide.