CISOs are urged to address two actively exploited vulnerabilities in Windows as part of their February Patch Tuesday initiatives. These vulnerabilities are:
-
CVE 2025-21391: This is a Windows Storage escalation of privilege vulnerability that allows an attacker to delete targeted files on a system without being able to read them. Although it won’t lead to a loss of data confidentiality, it significantly compromises data integrity and availability. The complexity of this attack is rated as low.
-
CVE 2025-21418: This vulnerability relates to the Windows Ancillary Function Driver for WinSock. The consequence of exploiting it would enable an attacker to gain SYSTEM privileges. This vulnerability poses a serious threat, especially because it could allow for the installation of programs, manipulation of data, or the creation of new user accounts.
Security experts Mike Walters and Tyler Reguly emphasize that the WinSock vulnerability should be treated as critical due to its potential impact on the confidentiality, integrity, and availability of corporate systems.
While Microsoft has not publicized the specific details regarding the exploitation of these vulnerabilities, security leaders recommend rapid organizational responses when active exploitation is indicated. Walters also highlights CVE-2025-21376, a zero-day remote code execution vulnerability in WinServer’s Lightweight Directory Access Protocol (LDAP), which, although currently not exploited, is rated as critical by Microsoft.
Additionally, patches include fixes for vulnerabilities in Microsoft Access and Microsoft Dynamics 365 Sales. A specific concern noted is CVE-2025-21377, a hash disclosure vulnerability in NTLM, which can expose user NTLMv2 hashes with minor user interaction, potentially leading to pass-the-hash attacks.
The adoption of effective patch management practices varies among organizations. More sophisticated teams use lab testing and vulnerability scans, while smaller organizations may struggle with timely patch installations. Regardless of size, all organizations should strive to improve their patch and vulnerability management processes to reduce their exposure to such vulnerabilities.
For those using Hyper-V, Action1 advises prioritizing the patching of zero-day vulnerabilities in Windows Hyper-V NT Kernel Integration Virtual Service Provider.