Source |
Techworm |
Identifier |
8648206 |
Publication date |
2025-02-12 20:18:47 (seen: 2025-02-12 14:53:32) |
Title |
Microsoft Patches 63 Flaws, Including Two Actively Exploited Zero-Days |
Text |
Microsoft, on Tuesday, released its February 2025 Patch Tuesday updates, which address 63 security vulnerabilities, including four zero-days: two that are being actively exploited in the wild and two that were publicly disclosed.
Of the 63 flaws, three are critical, 53 are Important, and one is moderately severe.
These vulnerabilities span different platforms, including Windows and Windows Components, Office and Office Components, Azure, Visual Studio, and Remote Desktop Services.
The three vulnerabilities marked as “critical” are all remote code execution (RCE) flaws, which, if exploited, could allow an attacker to run arbitrary code on the device.
The two zero-day vulnerabilities actively exploited in the wild that Microsoft has addressed in the February 2025 Patch Tuesday update are:
CVE-2025-21391 (CVSS 7.1) – Windows Storage Elevation of Privilege Vulnerability
This Elevation of Privilege (EoP) vulnerability in Windows Storage allows a local, authenticated attacker to delete targeted files on a system.
“An attacker would only be able to delete targeted files on a system. This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable,” reads Microsoft's advisory.
No details about how this flaw was exploited in attacks or who reported it have been revealed.
CVE-2025-21418 (CVSS 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
The second actively exploited vulnerability allows an attacker to run a crafted program to gain SYSTEM privileges in Windows.
It remains unclear how this flaw was exploited in attacks, and Microsoft states that it was disclosed anonymously.
Additionally, the other two publicly disclosed zero-days that were patched in the February 2025 Patch Tuesday update are:
CVE-2025-21194 (CVSS 7.1) – Microsoft Surface Security Feature Bypass Vulnerability
According to Microsoft, this hypervisor flaw allows attackers to bypass UEFI and compromise the secure kernel on Surface devices. It is likely linked to the PixieFail vulnerabilities.
“This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel,” explains Microsoft’s advisory.
The tech giant credited Francisco Falcón and Iván Arce of Quarkslab for discovering and reporting the vulnerability.
CVE-2025-21377 (CVSS 6.5) – NTLM Hash Disclosure Spoofing Vulnerability
This flaw exposes a Windows user’s NTLM hashes: a remote attacker can steal them through minimal user interaction with a file and potentially log in as the user.
“Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability,” explains Microsoft’s advisory. |
Rating |
★★
|
Sent |
Yes |
Tags |
Vulnerability
Threat
|