Microsoft February 2025 Patch Tuesday Fixes Actively Exploited Zero-Days

What happened: Microsoft released its February 2025 security updates, patching over 55 vulnerabilities across its product portfolio. The update addresses multiple zero-day vulnerabilities under active exploitation, including an elevation of privilege flaw in Windows Storage and a privilege escalation in the Windows Ancillary Function Driver for WinSock.

Technical details: CVE-2025-21391 is a Windows Storage elevation of privilege vulnerability that allows attackers to delete targeted files on a system, potentially leading to service disruption. CVE-2025-21418 is a privilege escalation in the WinSock AFD driver allowing SYSTEM-level access. CVE-2025-21377 is an NTLMv2 hash disclosure vulnerability that leaks credentials through minimal user interaction with a malicious file. CVE-2025-21376 is a critical RCE in Windows LDAP with a CVSS score of 8.1 that could be triggered by sending crafted LDAP requests.

Who is affected: All supported Windows desktop and server platforms. The NTLM hash disclosure vulnerability is particularly concerning for enterprise environments still relying on NTLM authentication, as leaked hashes can be used in relay attacks to authenticate to other services.

What defenders should do: Prioritize the two actively exploited zero-days for immediate patching. Organizations should accelerate their transition away from NTLMv2 authentication given the hash disclosure vulnerability. Monitor for NTLM relay attacks and implement Extended Protection for Authentication where possible. Test and deploy the LDAP patches urgently for domain controller environments.

Broader implications: The continued exploitation of Windows privilege escalation vulnerabilities indicates that attackers frequently combine these with other initial access vectors to achieve full system compromise. The NTLMv2 hash disclosure vulnerability adds further urgency to Microsoft's long-standing recommendation to deprecate NTLM in favor of Kerberos authentication.