On February 11, 2025, Microsoft released its February 2025 security update, addressing 63 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities in this security bulletin that affect Microsoft Windows and are classified as critical or have been exploited in the wild.
Vulnerabilities
Vulnerability | CVSS | Description | Exploited? |
CVE-2025-21376 | 8.1 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability – An unauthenticated remote threat actor could exploit this vulnerability by sending a crafted request to a vulnerable LDAP server, potentially leading to remote code execution via a race condition. | No |
CVE-2025-21391 | 7.1 | Windows Storage Elevation of Privilege Vulnerability – Could allow a threat actor to delete data, which could result in the service being unavailable. It does not disclose any confidential information. | Yes |
CVE-2025-21418 | 7.8 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability – Could allow a threat actor to gain SYSTEM privileges. | Yes |
Recommendation
Upgrade to the Latest Fixed Versions
Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.
Affected Product | Vulnerability | Update Article |
Windows 10 for 32-bit and x64 Systems | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5052040 |
Windows 10 Version 1607 for 32-bit and x64-based Systems | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5052006 |
Windows 10 Version 1809 for 32-bit and x64-based Systems | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5052000 |
Windows 10 Version 21H2 and 22H2 for 32-bit Systems, ARM64-based Systems, and x64-based Systems | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5051974 |
Windows 11 Version 22H2 and 23H2 for ARM64-based Systems and x64-based Systems | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5051989 |
Windows 11 Version 24H2 for ARM64-based Systems and x64-based Systems | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5051987, 5052105 |
Windows Server 2008 for 32-bit and x64-based Systems Service Pack 2 | CVE-2025-21376, CVE-2025-21418 | 5052038, 5052072 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2025-21376, CVE-2025-21418 | 5052016, 5052032 |
Windows Server 2012 | CVE-2025-21376, CVE-2025-21418 | 5052020 |
Windows Server 2012 R2 | CVE-2025-21376, CVE-2025-21418 | 5052042 |
Windows Server 2016 | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5052006 |
Windows Server 2019 | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5052000 |
Windows Server 2022 | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5051979, 5052106 |
Windows Server 2022, 23H2 Edition | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5051980 |
Windows Server 2025 | CVE-2025-21376, CVE-2025-21391, CVE-2025-21418 | 5051987, 5052105 |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
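One way to check a single host against the update table above, as an added example that is not Arctic Wolf's or Microsoft's code. The function name and the build-number mapping are assumptions of this example (the advisory lists product names, not builds), and a row with two update articles is treated as satisfied by either one.

```powershell
# Added example. KB and CVE values come from the tables above; the OS build
# numbers are not in the advisory and are an assumption of this example.
# Server-only rows are matched by build number alone.
$Exploited = 'CVE-2025-21391', 'CVE-2025-21418'   # marked "Yes" in the first table
$All       = 'CVE-2025-21376', 'CVE-2025-21391', 'CVE-2025-21418'
$NoStorage = 'CVE-2025-21376', 'CVE-2025-21418'   # rows that omit CVE-2025-21391
$Advisory = @(
    @{ Builds = 10240;        KBs = 'KB5052040';              Cves = $All }
    @{ Builds = 14393;        KBs = 'KB5052006';              Cves = $All }
    @{ Builds = 17763;        KBs = 'KB5052000';              Cves = $All }
    @{ Builds = 19044, 19045; KBs = 'KB5051974';              Cves = $All }
    @{ Builds = 22621, 22631; KBs = 'KB5051989';              Cves = $All }
    @{ Builds = 26100;        KBs = 'KB5051987', 'KB5052105'; Cves = $All }
    @{ Builds = 20348;        KBs = 'KB5051979', 'KB5052106'; Cves = $All }
    @{ Builds = 25398;        KBs = 'KB5051980';              Cves = $All }
    @{ Builds = 6002, 6003;   KBs = 'KB5052038', 'KB5052072'; Cves = $NoStorage }
    @{ Builds = 7601;         KBs = 'KB5052016', 'KB5052032'; Cves = $NoStorage }
    @{ Builds = 9200;         KBs = 'KB5052020';              Cves = $NoStorage }
    @{ Builds = 9600;         KBs = 'KB5052042';              Cves = $NoStorage }
)

function Test-February2025Update {
    param(
        # Defaults read the local host; pass values to evaluate inventory data.
        [int]$Build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber,
        [string[]]$InstalledKb = @((Get-HotFix).HotFixID)
    )
    $row = $Advisory | Where-Object { $_.Builds -contains $Build } | Select-Object -First 1
    if (-not $row) {
        return [pscustomobject]@{ Build = $Build; Status = 'BuildNotInTable'
                                  FoundKb = @(); OpenCves = @(); ExploitedOpen = @() }
    }
    # Any one of the row's update articles counts as the fix being present.
    $found = @($row.KBs | Where-Object { $InstalledKb -contains $_ })
    $open  = @(if ($found.Count -eq 0) { $row.Cves })
    [pscustomobject]@{
        Build         = $Build
        Status        = if ($found.Count) { 'FebruaryKbPresent' } else { 'FebruaryKbNotFound' }
        FoundKb       = $found
        OpenCves      = $open
        ExploitedOpen = @($open | Where-Object { $Exploited -contains $_ })
    }
}

Test-February2025Update                                          # local host
# Constructed input: a Windows Server 2022 build with only a placeholder KB installed
Test-February2025Update -Build 20348 -InstalledKb 'KB0000000'
```

Windows cumulative updates replace earlier ones, so `FebruaryKbNotFound` on a host that has received a later monthly update means the newer update should be confirmed instead, not that the host is unpatched.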