Microsoft has released a critical security update patch for February addressing 63 vulnerabilities across major products like Windows, Office, and Azure, including two critical vulnerabilities related to privilege escalation. Users are urged to apply these patches promptly to protect their systems.
Affected: Windows, Microsoft Office, Azure, Microsoft Visual Studio
Affected: Windows, Microsoft Office, Azure, Microsoft Visual Studio
Keypoints :
- Microsoft released 63 security fixes with critical vulnerabilities identified.
- High-impact vulnerabilities include privilege escalation and remote code execution.
- CVE-2025-21418 and CVE-2025-21391 are particularly concerning with exploited status.
- Other affected software includes Microsoft Excel and SharePoint with critical vulnerabilities.
- Users are urged to install patches immediately for protection.
- Detailed descriptions and CVSS scores highlight the severity of the vulnerabilities.
MITRE Techniques :
- Privilege Escalation (T1068): Exploits Windows Storage Permission Escalation Vulnerability (CVE-2025-21391) allowing a local attacker to execute code with SYSTEM privileges.
- Privilege Escalation (T1068): Exploits WinSock Elevation of Privilege Vulnerability (CVE-2025-21418) through heap buffer overflow due to boundary errors.
- Remote Code Execution (T1203): Targeting Windows LDAP Remote Code Execution Vulnerability (CVE-2025-21376) through crafted LDAP requests.
- Remote Code Execution (T1203): Affecting Microsoft Excel with a vulnerability (CVE-2025-21381) leading to execution upon opening a malicious file.
- Remote Code Execution (T1203): Involves DHCP Client Service Remote Code Execution Vulnerability (CVE-2025-21379) taking advantage of man-in-the-middle attacks.