Source URL: https://blog.talosintelligence.com/february-patch-tuesday-release/
Source: Cisco Talos Blog
Title: Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities
Feedly Summary: Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as “moderate". The remaining vulnerabilities listed are classified as “important.”
AI Summary and Description: Yes
**Summary:** The text discusses Microsoft’s February 2025 security update, which includes details about 63 vulnerabilities across various products, with several critical vulnerabilities highlighted. Importantly, it describes specific vulnerabilities, their potential exploits, and corresponding CVSS scores. This update is particularly relevant for professionals involved in security risk assessments, incident response, and vulnerability management.
**Detailed Description:**
– **Overview of Security Update:**
– Microsoft released its February 2025 security update addressing 63 vulnerabilities across various products.
– Among the vulnerabilities, four were marked as “critical”, indicating a high urgency for remediation.
– **Notable Vulnerabilities:**
– **CVE-2025-21376**:
– Type: Remote Code Execution (RCE).
– Affects: Windows Lightweight Directory Access Protocol (LDAP).
– Description: An Out-of-bounds Write (OOBW) caused by a race condition, leading to potential arbitrary code execution in the Local Security Authority Subsystem Service (lsass.exe).
– CVSS Score: 8.1; Microsoft considers it “more likely to be exploited.”
– **CVE-2025-21379**:
– Type: Critical RCE.
– Affects: DHCP Client Service.
– Description: Allows arbitrary code execution when an attacker injects themselves into the logical network path.
– CVSS Score: 7.1; considered “less likely to be exploited.”
– **CVE-2025-21177**:
– Type: Critical privilege escalation vulnerability.
– Affects: Microsoft Dynamics 365 Sales.
– Description: Server-Side Request Forgery (SSRF) that enables privilege escalation.
– **CVE-2025-21381**:
– Type: Critical RCE.
– Affects: Microsoft Excel.
– Description: Can be triggered via the preview pane in affected applications, allowing an attacker to execute arbitrary code.
– Considered “less likely to be exploited.”
– **Others:** Several additional RCE and privilege escalation vulnerabilities were noted, some classified as “important.”
– **Exploited Vulnerabilities:**
– Two vulnerabilities, CVE-2025-21391 and CVE-2025-21418, are confirmed to be exploited in the wild, indicating their critical nature for immediate attention.
– **Talos’ Response:**
– Cisco’s Talos team is releasing a new Snort rule set to detect exploitation attempts for these vulnerabilities, thereby assisting organizations in bolstering their defenses.
– The highlighted Snort rules can help security teams to proactively mitigate risks related to these vulnerabilities.
– **Implications for Security Professionals:**
– Organizations need to prioritize patching these vulnerabilities, especially those classified as critical.
– Continuous monitoring for exploit attempts through updated defensive measures and rulesets is essential.
– The involvement of cybersecurity teams in vulnerability assessment and incident response preparation becomes crucial in light of in-the-wild exploits.
This comprehensive update emphasizes the ongoing risk landscape and the necessity for robust security practices in managing vulnerabilities effectively.