Microsoft Patches 63 Security Flaws, Including Two Exploited in the Wild

Microsoft has released updates to fix 63 security flaws impacting its software products. Among these vulnerabilities, two have come under active exploitation in the wild. The update addresses critical and important security issues, including a remote code execution vulnerability that allows attackers to perform malicious actions on systems.

The most severe flaw addressed by Microsoft is CVE-2025-21198, which has a CVSS score of 9.0. This vulnerability can be exploited by sending a specially crafted HTTPS request to target nodes, allowing attackers to execute code remotely. Another RCE vulnerability, CVE-2025-21376, with a CVSS score of 8.1, impacts Windows Lightweight Directory Access Protocol (LDAP) and permits attackers to send malicious requests that lead to arbitrary code execution.

Additionally, the update fixes an NTLMv2 hash disclosure vulnerability that could permit an attacker to authenticate as a targeted user. Microsoft has added both CVE-2025-21418 and CVE-2025-21391 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply patches by March 4, 2025.

Other vendors have also released security updates to address vulnerabilities, including Adobe, Advantive VeraCore, Amazon Web Services, AMD, Apple, Arm, ASUS, AutomationDirect, Bosch, Canon, Cisco, CODESYS, D-Link, Dell, Devolutions Remote Desktop Manager, Drupal, F5, Fortinet, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Google Wear OS, HMS Networks, HP, HP Enterprise (including Aruba Networking), IBM, Intel, Ivanti, Jenkins, Juniper Networks, Lenovo, Linux distributions (Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Mitel, Mitsubishi Electric, Mozilla Firefox, Firefox ESR, Thunderbird, NETGEAR, NVIDIA, OpenSSL, Palo Alto Networks, Progress Software, QNAP, Qualcomm, Rockwell Automation, Salesforce, Samsung, SAP, Schneider Electric, Siemens, SolarWinds, SonicWall, Synology, Trimble Cityworks, Veeam, Veritas, Zimbra, Zoom, and Zyxel.

Source: https://thehackernews.com/2025/02/microsofts-patch-tuesday-fixes-63-flaws.html