Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five critical vulnerabilities from February that should be immediately patched or addressed if present in your environment. Detailed writeups below:
CVE-2025-21391
CVE-2025-21391 is a high-severity elevation of privilege vulnerability affecting Windows Storage. This flaw was disclosed as part of Microsoft’s February 2025 Patch Tuesday update, which addressed 55 CVEs, including three critical vulnerabilities and four zero-days—two of which were actively exploited in the wild. Attackers who successfully exploit this vulnerability could gain elevated privileges, potentially allowing them to execute arbitrary code with higher system access.
Given its high risk, organizations should prioritize patching affected Windows systems to prevent potential exploitation. Unpatched systems could be leveraged by attackers to escalate privileges, bypass security measures, and gain deeper access to networks. Security teams should review Microsoft’s official guidance and deploy the necessary updates immediately to mitigate any threats associated with this vulnerability.
CVE-2025-21418
CVE-2025-21418 is a high-severity elevation of privilege vulnerability affecting the Windows Ancillary Function Driver for WinSock. CVE-2025-21418 has a CVSS v3 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that it is a local privilege escalation (LPE) vulnerability with a high impact on confidentiality, integrity, and availability.
Exploiting this vulnerability could allow an attacker to escalate privileges on a compromised system, potentially leading to unauthorized access or system control. This makes it a significant concern for organizations, particularly those running unpatched Windows systems.
Security teams should prioritize applying the relevant security patches provided by Microsoft to mitigate the risk. Organizations are also advised to review Microsoft’s official security guidance and consider implementing additional endpoint protection measures to detect and prevent privilege escalation attempts.
CVE-2025-21376
CVE-2025-21376 is a high-severity vulnerability in Windows’ Lightweight Directory Access Protocol (LDAP) service, which could allow remote code execution. The vulnerability is rated with a CVSS v3 base score of 8.1, indicating its high impact on affected systems.
An attacker exploiting this vulnerability could remotely execute arbitrary code on a vulnerable system, potentially leading to a compromise. This would require no user interaction, making it particularly dangerous in environments where systems are exposed to untrusted networks. Given the severity of the issue, organizations are urged to apply the necessary patches promptly to mitigate the risk.
Microsoft’s advisory provides further technical details on how to address the issue, and the vulnerability has been added to the CISA’s Known Exploited Vulnerabilities Catalog. Security teams should prioritize patching vulnerable LDAP services and consider implementing additional security measures to detect and block exploitation attempts.
CVE-2025-21377
CVE-2025-21377 is a medium-severity vulnerability in Windows that involves NTLM hash disclosure through spoofing. This issue, which was addressed in Microsoft’s February 2025 Patch Tuesday update, can potentially allow attackers to retrieve NTLM hashes under specific conditions. However, the attack requires user interaction, making it less critical compared to vulnerabilities that do not need user involvement.
The vulnerability has a CVSS v3 base score of 6.5, which indicates that while the risk is notable, it is not as high as other severe vulnerabilities. The CVSS v2 base score is higher at 7.8, reflecting the potential impact on systems, though the requirement for user interaction reduces the overall exploitability of the flaw.
The flaw could allow an attacker to spoof certain network traffic and extract NTLM hashes, which could then be used in offline attacks to compromise the system. While the severity is considered medium, organizations should still apply the necessary patches to prevent possible exploitation, especially if they have a large number of users with access to sensitive systems or credentials.
CVE-2025-21381
CVE-2025-21381 is a high-severity vulnerability in Microsoft Excel that could lead to remote code execution (RCE). This issue, disclosed as part of Microsoft’s February 2025 Patch Tuesday, arises from a flaw in Excel’s handling of files. If exploited, an attacker could craft a specially designed Excel file that, when opened by the user, could allow the attacker to execute arbitrary code on the victim’s machine.
The vulnerability has a CVSS v3 base score of 7.8, indicating a high level of risk, with the potential for significant damage if successfully exploited. The attack requires user interaction, as the victim must open the malicious file, but once opened, the attacker could gain the same privileges as the user running the application, potentially compromising sensitive data and system integrity. The CVSS v2 score is 7.2, suggesting a medium-high risk but less severe than the v3 score.
Given the ease of exploitation through social engineering (such as convincing the victim to open a malicious Excel document), it is important for organizations to deploy patches as soon as possible to mitigate the risk associated with this vulnerability.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
