Microsoft on Tuesday released fixes for 63 security flaws affecting its software products, including two vulnerabilities that it said have come under active exploitation in the wild.
Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate and two are rated Low. This is in addition to 23 flaws Microsoft addressed in its Chromium-based Edge browser since the release of last month's Patch Tuesday update.
The update is notable for fixing two actively exploited flaws:
- CVE-2025-21391 (CVSS score: 7.1) – Windows Storage Elevation of Privilege Vulnerability
- CVE-2025-21418 (CVSS score: 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
"An attacker would only be able to delete targeted files on a system," Microsoft said in its advisory for CVE-2025-21391. "This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data, which may include data that results in unavailability."
Mike Walters, president and co-founder of Action1, noted that the vulnerability could be chained with other flaws to escalate privileges and carry out follow-on actions that complicate recovery efforts and allow threat actors to cover their tracks by deleting key forensic artifacts.
CVE-2025-21418, on the other hand, concerns a privilege escalation flaw in afd.sys that could be exploited to gain SYSTEM privileges.
It is worth noting that a similar flaw in the same component (CVE-2024-38193) was disclosed by Gen Digital in August last year as having been weaponized by the North Korea-linked Lazarus Group. In February 2024, the technology giant also linked a Windows kernel privilege escalation flaw (CVE-2024-21338) affecting the AppLocker driver (appid.sys) to the same hacking crew.
These attack chains stand out because they go beyond the traditional Bring Your Own Vulnerable Driver (BYOVD) attack: by exploiting security weaknesses in native Windows drivers, they avoid the need to introduce additional drivers into the target environment.
It is currently unknown whether the abuse of CVE-2025-21418 is also linked to the Lazarus Group. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by March 4, 2025.
The most severe of the flaws addressed by Microsoft in this month's update is CVE-2025-21198 (CVSS score: 9.0), a remote code execution (RCE) vulnerability in the High Performance Compute (HPC) Pack.
"An attacker could exploit this vulnerability by sending a specially crafted HTTPS request to the targeted node or Linux compute node, giving them the ability to perform RCE on other clusters or nodes connected to the targeted node," Microsoft said.
It is also worth noting another RCE vulnerability (CVE-2025-21376) affecting Windows LDAP. However, successful exploitation of the flaw requires the attacker to win a race condition.
"Given that LDAP is integral to Active Directory, which underpins authentication and access control in enterprises, a compromise could lead to lateral movement, privilege escalation and widespread network breaches," said Ben McCarthy, lead cybersecurity engineer at Immersive Labs.
Elsewhere, the update also resolves a vulnerability affecting NTLMv2 hashes (CVE-2025-21377).
Software Patches from Other Vendors
In addition to Microsoft, other vendors have also released security updates over the past couple of weeks to fix multiple vulnerabilities, including –