On February 11, 2025, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates eliminate 55 vulnerabilities (CVEs), three of which are classified as critical and four as 0-day. Below is a compact overview of the updates that were released on patchday.
Notes on the updates
A list of the updates can be found on this Microsoft page. Details on the update packages for Windows, Office etc. are available in separate blog posts.
Windows 10/11, Windows Server
All Windows 10/11 updates (as well as the updates of the server counterparts) are cumulative. The monthly patchday update contains all security fixes for these Windows versions, as well as all non-security fixes up to the patchday. In addition to the security patches for the vulnerabilities, the updates also contain bug fixes or new features.
Windows Server 2012 R2
An ESU license is required for Windows Server 2012/R2 to receive further security updates; Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026.
Fixed vulnerabilities
Tenable has published this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the critical vulnerabilities that have been fixed:
- CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege vulnerability, CVSSv3 score 7.8, important; A local, authenticated attacker can exploit this vulnerability to elevate privileges to SYSTEM. Microsoft indicates that this vulnerability has been exploited as a zero-day, but does not provide details.
- CVE-2025-21391: Windows Storage Elevation of Privilege vulnerability, CVSSv3 score 7.1, important; A local, authenticated attacker could exploit this vulnerability to delete files from a system. According to Microsoft, this vulnerability does not disclose confidential information to an attacker, but merely allows them to delete data, which may include data whose deletion could lead to service interruption. Microsoft points out that this vulnerability has been exploited as a zero-day, but does not disclose any details.
- CVE-2025-21194: Microsoft Surface Security Feature Bypass vulnerability, CVSSv3 score 7.1, important; A security feature bypass in Microsoft Surface that became public before a patch was available from Microsoft. According to the advisory, exploiting the vulnerability requires several steps, including an attacker successfully accessing the same network as the device. In addition, the attacker must trick the user into restarting their device. Exploitation of the vulnerability has been classified as "less likely".
- CVE-2025-21377: NTLM Hash Disclosure Spoofing vulnerability, CVSSv3 score 6.5, important; A New Technology LAN Manager (NTLM) Hash Disclosure Spoofing vulnerability that was publicly disclosed before a patch was made available. Despite the CVSSv3 score of 6.5 (medium severity), Microsoft classifies this vulnerability as "Exploitation More Likely". To successfully exploit the vulnerability, an attacker must trick a user into interacting with a malicious file, such as inspecting the file or "performing an action other than opening or executing the file". An attacker could thus obtain a user's NTLMv2 hash, which could then be used to authenticate as that user.
- CVE-2025-21376: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution vulnerability, CVSSv3 score 8.1, critical; A critical RCE vulnerability in the Windows Lightweight Directory Access Protocol (LDAP). According to Microsoft, this vulnerability has been rated as "Exploitation More Likely". To successfully exploit the vulnerability, an attacker must win a race condition with a specially crafted request in order to trigger a buffer overflow. If this is successful, the attacker can achieve remote code execution on an affected host.
- CVE-2025-21400: Microsoft SharePoint Server Remote Code Execution vulnerability, CVSSv3 score 8.0, important; Successful exploitation would allow an attacker to execute arbitrary code. To exploit the vulnerability, an attacker must first force the victim's computer to connect to a malicious server.
- CVE-2025-21184, CVE-2025-21358, CVE-2025-21414: Windows Core Messaging Elevation of Privilege vulnerabilities, CVSSv3 score 7.0-7.8, important; Exploitation of these vulnerabilities could allow an attacker to escalate privileges to SYSTEM. According to Microsoft, exploitation of CVE-2025-21184 and CVE-2025-21414 requires an attacker to gather information about the target and take additional steps to prepare a target for exploitation. Despite the different requirements needed for exploitation, Microsoft classifies all three vulnerabilities as "Exploitation Likely".
A list of all CVEs discovered can be found on this Microsoft page; excerpts are available at Tenable.
Similar articles:
Microsoft Security Update Summary (February 11, 2025)
Patchday: Windows 10/11 Updates (February 11, 2025)
Patchday: Windows Server-Updates (February 11, 2025)
Patchday: Microsoft Office Updates (February 11, 2025)