Microsoft followed up its massive January Patch Tuesday update containing fixes for 159 vulnerabilities with a more modest crop this month. This time, it released fixes for 57 new Common Vulnerabilities and Exposures (CVEs) in its update, three of which are critical.

Dustin Childs of the Zero Day Initiative described one of the vulnerabilities as unprecedented in the wild. This is a Windows Storage elevation of privilege (EoP) vulnerability, CVE-2025-21391.

In a blog post, Childs said: “This is… a type of bug we have seen exploited publicly. The vulnerability allows an attacker to delete targeted files. How does this lead to privilege escalation? My colleague Simon Zuckerbraun details the technique here. While we've seen similar issues in the past, this does appear to be the first time the technique has been exploited in the wild. It's also likely paired with a code execution bug to completely take over a system. Test and deploy this quickly.”

In Computer Weekly's sister title SearchWindowsServer, Tom Walat picked out two new zero-day vulnerabilities that Microsoft has fixed in this Patch Tuesday, including the EoP that Childs highlighted.

“The first new zero-day is a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability (CVE-2025-21418) rated important with a CVSS (Common Vulnerability Scoring System) score of 7.8. This bug affects all currently supported Windows desktop and server systems,” he wrote.

“The second new zero-day is the storage EoP vulnerability (CVE-2025-21391) w Privileges. If successful, the attacker can delete files on a system to cause service disruptions and possibly perform other actions, such as elevating their privileges.”

Childs also picked out CVE-2025-21376, a Windows Lightweight Directory Access Protocol (LDAP) remote code execution (RCE) vulnerability. “This vulnerability allows a remote, unauthenticated attacker to run his code on an affected system simply by sending a malicious request to the target,” he wrote. “Since there's no user interaction involved, that makes this bug wormable between affected LDAP servers. Microsoft lists this as 'exploitation likely', so even though this may be unlikely, I would treat this as an impending exploitation. Test and deploy the patch quickly.”

In the CVE notes to this “critical” vulnerability, which has a CVSS rating of 8.1, Microsoft stated: “An unauthenticated attacker group sent a specialty request to a vulnerable LDAP server. Successful exploitation should result in a buffer overflow which could be leveraged to achieve remote code execution.”

There are also several Microsoft Excel bug fixes in this update, including CVE-2025-21387, an RCE vulnerability. “This is one of several Excel fixes where the preview pane is an attack vector, which is confusing as Microsoft also notes that user interaction is required,” said Childs. “They also note that multiple patches are required to address this vulnerability. This likely can be exploited either by opening a malicious Excel file or previewing a malicious attachment in Outlook. Either way, make sure you get all the needed patches tested and deployed.”

This vulnerability is one of six Excel flaws that Microsoft corrected this month, in what proved to be a relatively light Patch Tuesday.
