Tenable February 2025 Patch Tuesday Comment
Posted: Wednesday, Feb 12

Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. Remote code execution (RCE) vulnerabilities accounted for 38.2% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 34.5%. Please find below commentary from Satnam Narang, senior staff research engineer at Tenable and a full analysis in this blog.

Satnam Narang, Sr. Staff Research Engineer at Tenable


“Microsoft patched 56 CVEs, including four zero-day vulnerabilities, two of which were exploited in the wild.

“The two zero days exploited in the wild include CVE-2025-21418, an elevation of privilege vulnerability in afd.sys, the Windows Ancillary Function Driver that interfaces with the Windows Sockets API (or WinSock) to enable Windows applications to connect to the internet. The second zero day is CVE-2025-21391, an elevation of privilege flaw in the way Windows handles file storage.

“Both flaws appear to be post-compromise related, which means an attacker would need to obtain local access to a vulnerable system through other means, like exploiting another vulnerability for initial access, some type of social engineering, or compromised/weak credentials.

“In 2025, five zero days were exploited in the wild as part of Patch Tuesday, and all five were elevation of privilege flaws.

“Since 2022, there have been nine elevation of privilege vulnerabilities in the Ancillary Function Driver for WinSock, three each year, including one in 2024 that was exploited in the wild as a zero day (CVE-2024-38193). According to the reports, CVE-2024-38193 was exploited by the North Korean APT group known as Lazarus Group (also known as Hidden Cobra or Diamond Sleet) to implant a new version of the FudModule rootkit in order to maintain persistence and stealth on compromised systems. At this time, it is unclear if CVE-2025-21418 was also exploited by Lazarus Group.

“Conversely, there have been seven elevation of privilege bugs categorized as Windows Storage, including two in 2022, one in 2023 and four in 2024, though this is the first to be categorised as exploited in the wild as a zero day.” – Satnam Narang, sr. staff research engineer, Tenable
