Microsoft Releases Tuesday Patch-March 2026; Fixed 83 Flaws
Microsoft Tuesday Patch March 2026 fixes 83 Vulnerabilities Including 2 Actively Exploited Zero-Days
Continue ReadingPatchTuesday
Microsoft Updates Patch Tuesday for Feb 2025; Address 67 Vulnerabilities, Includes 2 Exploited Zero-Days
Summary
Microsoft’s February 2025 Patch Tuesday addresses multiple security vulnerabilities, including four zero-days, with two actively exploited in the wild. This update covers a total of 67 security flaws, with three classified as critical Remote Code Execution (RCE) vulnerabilities.
Microsoft issued a revision for an older zero-day that threatens the latest Windows desktop and server versions.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-02-11 |
| No. of Vulnerabilities Patched | 67 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
The affected products include Windows, Microsoft Office, Microsoft Surface, and various network services. Organizations are strongly advised to apply these patches immediately to mitigate security risks and potential cyberattacks.
- 63 Microsoft CVEs addressed
- 4 non-Microsoft CVEs included
The highlighted vulnerabilities include 4 zero-day flaws, 2 of which are currently being actively exploited.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2025-21418 | Windows | High | 7.8 |
| Windows Storage Elevation of Privilege Vulnerability | CVE-2025-21391 | Windows | High | 7.1 |
| Microsoft Surface Security Feature Bypass Vulnerability | CVE-2025-21194 | Windows | High | 7.1 |
| NTLM Hash Disclosure Spoofing Vulnerability | CVE-2025-21377 | Windows | Medium | 6.5 |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-21418 | Windows server and Windows 10 & 11 | Windows ancillary function driver for winsock elevation of privilege vulnerability enables attackers to escalate privileges to SYSTEM level. Specific exploitation details are not disclosed. | Unauthorized access with SYSTEM privileges. |
| CVE-2025-21391 | Windows server and Windows 10 & 11 | Windows storage elevation of privilege vulnerability allows attackers to delete targeted files on a system, potentially leading to service unavailability. Does not expose confidential data. | Deletion of critical data, leading to service disruption. |
| CVE-2025-21194 | Microsoft Surface | Microsoft surface security feature bypass vulnerability allows attackers to bypass UEFI protections, compromising the secure kernel. Likely related to “PixieFail” vulnerabilities affecting the IPv6 network stack in Tianocore’s EDK II firmware. | Bypass of security features, potentially compromising system integrity. |
| CVE-2025-21377 | Windows server and Windows 10 & 11 | NTLM hash disclosure spoofing vulnerability exposes NTLM hashes when a user interacts with a malicious file. Simply selecting or right-clicking a file could trigger a remote connection, allowing an attacker to capture NTLM hashes for cracking or pass-the-hash attacks. | Potential for attackers to authenticate as the user, leading to unauthorized access. |
Source: Microsoft
In addition to the actively exploited vulnerabilities, several other critical flaws were also addressed:
- CVE-2025-21376: A Windows Lightweight Directory Access Protocol (LDAP) RCE vulnerability that could allow attackers to execute arbitrary code remotely.
- CVE-2025-21379: A DHCP Client Service RCE vulnerability that may enable remote attackers to execute code with elevated privileges.
- CVE-2025-21381: An RCE vulnerability in Microsoft Excel that could be triggered through malicious spreadsheet files.
Remediation:
- Apply Updates: Immediately install the February 2025 Patch Tuesday updates to address these vulnerabilities.
Conclusion:
The February 2025 Patch Tuesday release addresses critical security vulnerabilities, including actively exploited zero-days. Timely application of these updates is essential to protect systems from potential threats. Organizations should review the affected products and implement the necessary patches and mitigations to maintain security integrity.
The attack vector is local, meaning the attacker needs local access — physically or remotely, using SSH method without user interaction and if successful in exploiting, can give the attacker system privileges.
References:
Microsoft December 2024 Patch Tuesday: Critical Fixes for Zero-Day and Remote Code Execution
Summary
OEM | Microsoft |
Severity | High |
Date of Announcement | 2024-12-12 |
NO. of Vulnerabilities Patched | 71 |
Actively Exploited | 01 |
Exploited in Wild | Yes |
Advisory Version | 1.0 |
Overview
Microsoft released updates addressing 71 vulnerabilities across its product suite, including 1 actively exploited zero-day vulnerability. Critical patches include fixes for remote code execution (RCE) flaws in Windows TCP/IP and Windows Common Log File System (CLFS). Immediate attention is required for systems running Windows Server, Microsoft Exchange, and other affected components. The patch targets a range of critical issues across Microsoft products, categorized as follows:
- 30 Remote Code Execution (RCE) Vulnerabilities
- 27 Elevation of Privilege (EoP) Vulnerabilities
- 7 Information Disclosure Vulnerabilities
- 4 Denial of Service (DoS) Vulnerabilities
- 1Defense-in-depth improvement
- 1 Spoofing Vulnerabilities
The highlighted vulnerabilities include one zero-day flaw and critical RCE vulnerabilities, one of which is currently being actively exploited.
Vulnerability Name | CVE ID | Product Affected | Impact | CVSS Score |
Unauthenticated Remote Code Execution in Windows LDAP | CVE-2024-49112 | Windows | Critical | 9.8 |
Remote Code Execution in Windows Hyper-V | CVE-2024-49117 | Windows | High | 8.8 |
Remote Code Execution via Use-After-Free in Remote Desktop Services | CVE-2024-49132 | Windows | High | 8.1 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2024-49138 | Windows | High | 7.8 |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-49112 | Microsoft Windows Lightweight Directory Access Protocol (LDAP) | This vulnerability allows attackers to execute arbitrary code at the LDAP service level by sending specially crafted LDAP calls to a Windows Domain Controller. While Microsoft recommends disconnecting Domain Controllers from the Internet as a mitigation, applying the patch is the best course of action. | Remote Code Execution |
CVE-2024-49117 | Microsoft Windows Hyper-V | This vulnerability can be exploited by an authenticated attacker to execute code on the host operating system from a guest virtual machine. Cross-VM attacks are also possible. Although the attacker must have basic authentication, the vulnerability poses significant risks to virtualized environments. | Remote Code Execution |
CVE-2024-49132 | Microsoft Windows Remote Desktop Services | An attacker can exploit a use-after-free memory condition in Remote Desktop Gateway, allowing RCE. Exploitation requires precise timing, which makes this an advanced attack. Successful exploitation grants attackers control over the affected system. | Allows an attacker to execute remote code on systems using Remote Desktop Gateway |
CVE-2024-49138 | Windows Common Log File System Driver | This critical security flaw affects the Windows Common Log File System Driver and is classified as an Elevation of Privilege vulnerability. | It allows attackers to gain SYSTEM privileges on Windows devices, potentially giving them full control over the affected system. |
Additional Critical Patches Address High-Severity Vulnerabilities
- These are the eight other critical vulnerabilities that are rated 8.1 on the CVSS scale in Remote Desktop Services (CVE-2024-49116, CVE-2024-49108, CVE-2024-49106, CVE-2024-49115, CVE-2024-49128, CVE-2024-49123, CVE-2024-49120, CVE-2024-49119).
- Windows Mobile Broadband Driver Elevation of Privilege Vulnerability (CVE-2024-49077).
- Windows Mobile Broadband Driver Elevation of Privilege Vulnerability (CVE-2024-49132).
Remediation
- Ensure all December 2024 Patch Tuesday updates are applied promptly.
- Implement a routine patch management process to regularly check for and apply the latest Microsoft security updates and patches for all affected products.
- Create and test an incident response plan with defined communication channels and responsibilities to ensure readiness for any security breaches.
Recent Comments