Service Notices

All Notices > Security Notices > Microsoft Releases February 2025 Security Updates

Microsoft Releases February 2025 Security Updates

Feb 14, 2025 GMT+08:00

I. Overview

Huawei Cloud noticed that Microsoft has released its February 2025 Security Updates. A total of 55 security vulnerabilities have been disclosed, among which 3 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include Microsoft Windows, Microsoft Office, Microsoft Visual Studio and Microsoft Azure.

For details, visit the Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:

Windows Storage Elevation of Privilege Vulnerability (CVE-2025-21391): 0-day vulnerability. An authenticated local attacker can exploit this vulnerability to delete target files from the system. This vulnerability has been exploited in the wild, and the risk is high.

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2025-21418): 0-day vulnerability. An authenticated local attacker can exploit this vulnerability to gain the SYSTEM privilege. This vulnerability has been exploited in the wild, and the risk is high.

NTLM Hash Disclosure Spoofing Vulnerability (CVE-2025-21377): A remote attacker can exploit this vulnerability by tricking a victim into opening a specially crafted file. Successfully exploiting the vulnerability allows the attacker to obtain the victim's NTLMv2 hash value, which can then be used to verify the user's identity. The vulnerability has been disclosed, and the risk is high.

9 vulnerabilities (such as CVE-2025-21376, CVE-2025-21400, and CVE-2025-21420) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Visual Studio, Microsoft Azure, and other products.

IV. Vulnerability Details

CVE ID

Vulnerability

Severity

Description

CVE-2025-21376

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Important

An unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to a vulnerable LDAP server. Successful exploitation may cause a buffer overflow, which can be used to execute remote code.

CVE-2025-21381

Microsoft Excel Remote Code Execution Vulnerability

Important

An attacker can exploit this vulnerability by convincing the victim to download and open a specially crafted file from a website. Successful exploitation may result in remote code execution on the target system.

CVE-2025-21379

DHCP Client Service Remote Code Execution Vulnerability

Important

A remote attacker on the local network can execute remote code on the target system by performing a man-in-the-middle (MITM) attack.

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.