Two actively exploited vulnerabilities in Windows should be prioritized by CISOs as part of their February Patch Tuesday efforts, experts say. The vulnerabilities are CVE-2025-21391 and CVE-2025-21418.
CVE-2025-21391 is a Windows Storage escalation of privilege vulnerability that allows an attacker to delete targeted files on a system but not to read their contents. This could significantly affect data integrity and availability.
CVE-2025-21418 is an escalation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock, caused by a buffer overflow. An attacker who successfully exploits this vulnerability could gain SYSTEM privileges, compromising the security and integrity of corporate systems.
According to Mike Walters, president of patch management provider Action1, “With SYSTEM-level access, attackers could install programs, view, change, or delete data, or create new accounts with full user rights.” Tyler Reguly, associate director of security R&D at Fortra, agrees that the WinSock hole is more serious because it can affect all three parts of the CIA triad (data confidentiality, integrity, and availability).
Additionally, Microsoft has identified a zero-day remote code execution vulnerability in Windows Server’s Lightweight Directory Access Protocol (LDAP), CVE-2025-21376. This vulnerability could allow an attacker to access sensitive information, disrupt services, and pivot to other systems on the network.
Action1 has also warned about three zero-day vulnerabilities in Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). These vulnerabilities can be exploited by attackers with low privileges to execute code with SYSTEM privileges, gaining control over the host system.
CISOs should prioritize patching these vulnerabilities and monitor for unusual activity. They should also consider implementing stronger authentication mechanisms, such as Kerberos, and providing user training to prevent interactions with suspicious files.
Source: https://www.csoonline.com/article/3822488/february-patch-tuesday-cisos-should-act-now-on-two-actively-exploited-windows-server-vulnerabilities.html