On February 11, 2025, Microsoft released security updates addressing 55 vulnerabilities across its software products, including four zero-day flaws. Notably, two of these zero-day vulnerabilities have been actively exploited in the wild.
Actively Exploited Zero-Day Vulnerabilities:
- CVE-2025-21418: A heap-based buffer overflow in the Windows Ancillary Function Driver for WinSock (AFD.sys). This elevation of privilege vulnerability allows local attackers to gain SYSTEM privileges. Microsoft has confirmed active exploitation of this flaw.
- CVE-2025-21391: An elevation of privilege vulnerability in Windows Storage. Exploitation enables attackers to delete targeted files, potentially causing service disruptions. While it doesn’t allow data disclosure, the deletion of critical files can lead to significant operational issues. This vulnerability has also been actively exploited.
Understanding the Threat
Elevation of privilege vulnerabilities like these are often a crucial step in an attacker’s kill chain. These vulnerabilities, while not granting initial access, allow attackers to escalate privileges once they have infiltrated a system, effectively moving from a low-privilege foothold to full control over the targeted machine. This enables:
- Persistence: Attackers can establish long-term access to compromised systems.
- Privilege Escalation: Moving from user-level access to SYSTEM or administrator privileges.
- Lateral Movement: Compromising other machines in the network by leveraging elevated privileges.
- Destruction or Data Wiping: As seen with CVE-2025-21391, attackers could delete files critical to operations, causing downtime and service interruptions.
Threat actors, especially those engaged in ransomware operations or state-sponsored cyber-espionage, often chain such vulnerabilities with phishing attacks, supply chain compromises, or credential theft to maximize their impact.
Do This Now to Stay Protected
- Install the latest Windows update:
  - Open Settings on your Windows computer.
  - Navigate to Update & Security > Windows Update.
  - Click Check for updates.
  - If updates are available, install them immediately and restart your system.
You can verify whether the patch is deployed with the following PowerShell command, which lists the ten most recently installed updates:

```powershell
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 10
```
- Ensure Windows Defender (Microsoft Defender Antivirus) is enabled, with real-time protection on and signatures up to date.
- Use Multi-Factor Authentication (MFA) to secure accounts against credential theft.
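The following script is an added example (not part of the original post or Microsoft's own tooling) that automates the two checks above on a single machine: it looks up a list of required update KB numbers with Get-HotFix, flags an update that was installed after the last boot (a sign the reboot is still pending), and reports Defender's antivirus and real-time protection state via Get-MpComputerStatus. The KB identifiers in the script are placeholders, not the real February 2025 update numbers; substitute the cumulative update KB for your Windows build from the Microsoft Security Update Guide.

```powershell
# Added example, not code from the original post. Checks that required Windows
# updates are installed and that Microsoft Defender Antivirus is active.
param(
    # PLACEHOLDER KB identifiers: replace with the February 2025 cumulative
    # update KB number(s) for your Windows build.
    [string[]]$RequiredKBs = @('KB0000001', 'KB0000002')
)

function Get-PatchStatus {
    param([string[]]$KBs, [datetime]$LastBoot)

    # Get-HotFix reads the installed-update list; HotFixID looks like "KB1234567".
    $hotfixes = Get-HotFix

    foreach ($kb in $KBs) {
        $match = $hotfixes | Where-Object { $_.HotFixID -eq $kb }
        [pscustomobject]@{
            KB          = $kb
            Installed   = [bool]$match
            InstalledOn = if ($match) { $match.InstalledOn } else { $null }
            # InstalledOn is date-only, so this is an indicator, not proof, that
            # the update landed after the last boot and a restart is still pending.
            RebootLikelyPending = [bool]($match -and $match.InstalledOn -and
                                         $match.InstalledOn -gt $LastBoot)
        }
    }
}

function Get-DefenderStatus {
    # Get-MpComputerStatus ships with the Defender PowerShell module on Windows.
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            AntivirusEnabled      = $s.AntivirusEnabled
            RealTimeProtection    = $s.RealTimeProtectionEnabled
            SignatureLastUpdated  = $s.AntivirusSignatureLastUpdated
            Error                 = $null
        }
    } catch {
        # Module missing or Defender disabled by policy: report it rather than fail silently.
        [pscustomobject]@{
            AntivirusEnabled      = $false
            RealTimeProtection    = $false
            SignatureLastUpdated  = $null
            Error                 = $_.Exception.Message
        }
    }
}

# OS build and last boot time, so the result can be matched against
# Microsoft's per-build list of which KB carries the fix.
$os = Get-CimInstance Win32_OperatingSystem
"Windows build: $($os.Version)   Last boot: $($os.LastBootUpTime)"

$patches = Get-PatchStatus -KBs $RequiredKBs -LastBoot $os.LastBootUpTime
$patches | Format-Table -AutoSize

$missing = $patches | Where-Object { -not $_.Installed }
if ($missing) {
    Write-Warning "Missing updates: $($missing.KB -join ', '). Run Windows Update and restart."
} elseif ($patches | Where-Object RebootLikelyPending) {
    Write-Warning "Updates are installed but a restart appears to be pending."
} else {
    "All required updates are installed and active."
}

$defender = Get-DefenderStatus
$defender | Format-List
if (-not $defender.AntivirusEnabled -or -not $defender.RealTimeProtection) {
    Write-Warning "Microsoft Defender Antivirus or real-time protection is not enabled."
}
```

Run it as an administrator, e.g. `.\Check-Patch.ps1 -RequiredKBs 'KB<your-build-KB>'`. Get-HotFix does not always list every servicing operation, so when it reports an update as missing, confirm against the OS build number shown in the first line before concluding the machine is unpatched.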