Microsoft has released security updates addressing more than 60 vulnerabilities across its software products, with two flaws under active exploitation. The updates come as part of the company's regular Patch Tuesday release.
The two actively exploited vulnerabilities are tracked as CVE-2025-21391 and CVE-2025-21418. The first one is a Windows Storage Elevation of Privilege Vulnerability, which could allow an attacker to delete targeted files on a system.
Security experts warn that CVE-2025-21391 could be chained with other flaws, enabling attackers to escalate privileges and perform additional malicious actions.
The second vulnerability, CVE-2025-21418, is a privilege escalation flaw in the Windows Ancillary Function Driver for WinSock (AFD.sys). It could be exploited to gain SYSTEM privileges, potentially granting attackers full control over a machine.
A similar vulnerability in the same AFD.sys component (CVE-2024-38193) was exploited by the North Korea-linked Lazarus Group, according to a report by Gen Digital last August. Microsoft also patched another Windows kernel privilege escalation flaw in February 2024 (CVE-2024-21338), which was weaponized by the Lazarus Group.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added both CVE-2025-21391 and CVE-2025-21418 to its Known Exploited Vulnerabilities (KEV) catalog.
In addition to the above-mentioned vulnerabilities, the February 2025 Patch Tuesday release addresses multiple high-risk security issues affecting Microsoft Windows Remote Desktop Configuration Service, Microsoft Excel, Microsoft Office, Microsoft Windows Telephony Server, Microsoft Windows LDAP, Microsoft Windows RRAS, and other products.