FOCUS MODE
EXTRACT IOC
Cyber Security News

Microsoft Patch Tuesday, February 2025 Security Update Review – Qualys ThreatPROTECT

iocOne
Microsoft Patch Tuesday, February 2025 Security Update Review – Qualys ThreatPROTECT
Microsoft’s February 2025 Patch Tuesday release addressed 67 vulnerabilities, including three critical and 53 important ones, with key updates targeting Microsoft Edge, Windows services, and multiple software vulnerabilities. Notably, four zero-day vulnerabilities were patched, two of which were actively exploited. Users are advised to implement these updates promptly to enhance system security. Affected: Microsoft Windows, Microsoft Edge, Microsoft Excel, Microsoft Dynamics 365, Microsoft SharePoint, Microsoft Surface, Windows DHCP Server, Windows LDAP, Windows NTLM

Keypoints :

  • February 2025 Patch Tuesday contains updates for 67 vulnerabilities.
  • Three vulnerabilities are classified as critical.
  • Four zero-day vulnerabilities were patched, with significant risks addressed.
  • Ten vulnerabilities were identified in Microsoft Edge (Chromium-based).
  • Types of vulnerabilities include spoofing, denial of service, elevation of privilege, information disclosure, and remote code execution.
  • CISA added critical CVEs to its Known Exploited Vulnerabilities Catalog urging users to patch before March 4, 2025.
  • Qualys VMDR can help detect and remediate these vulnerabilities effectively.

MITRE Techniques :

  • TA0001 – Initial Access, Procedure: Exploiting vulnerabilities in DHCP Client Service and LDAP for remote code execution.
  • TA0002 – Execution, Procedure: Exploiting Microsoft Excel for remote code execution.
  • TA0003 – Persistence, Procedure: Exploiting vulnerabilities in multiple services to gain SYSTEM privileges.
  • TA0004 – Privilege Escalation, Procedure: Exploiting Windows Storage and Ancillary Function Driver vulnerabilities.
  • TA0005 – Defense Evasion, Procedure: Utilizing security feature bypasses in Microsoft Surface.
  • TA0006 – Credential Access, Procedure: Exploiting NTLM hash disclosure vulnerability.

CVE :

  • cve-2025-21391
  • cve-2025-21418
  • cve-2025-21377
  • cve-2025-21194
  • cve-2025-21379
  • cve-2025-21376
  • cve-2025-21381
  • cve-2025-21358
  • cve-2025-21184
  • cve-2025-21414
  • cve-2025-21420
  • cve-2025-21400
  • cve-2025-21419
  • cve-2025-21367

Full Story: https://threatprotect.qualys.com/2025/02/12/microsoft-patch-tuesday-february-2025-security-update-review/

Tags: PRIVILEGE, ACTIVE DIRECTORY, CREDENTIAL, PERSISTENCE, ZERO-DAY, PATCH, TOOL, VULNERABILITY