Security & Threat Updates – February 2025:

Share This Article

Microsoft addressed 63 Common Vulnerabilities and Exposures (CVE’s) this month with 4 marked as zero-day vulnerabilities.  The most critical Common Vulnerabilities and Exposures (CVE’s) are noted below:

Microsoft Vulnerabilities:

Windows Zero-Days:

• CVE-2025-21391 – Windows Storage Elevation of Privilege Vulnerability
  • Vulnerability not publicly disclosed but actively being exploited in the wild.
• CVE-2025-21418 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • Vulnerability not publicly disclosed but actively being exploited in the wild.
• CVE-2025-21194 – Microsoft Surface Security Feature Bypass Vulnerability
  • Publicly disclosed vulnerability with 0 reports of being exploited in the wild.
• CVE-2025-21377 – NTLM Hash Disclosure Spoofing Vulnerability
  • Publicly disclosed vulnerability with 0 reports of being exploited in the wild.

Other Critical CVE’s:

• CVE-2025-21376 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
• CVE-2025-21379 – DHCP Client Service Remote Code Execution Vulnerability
• CVE-2025-21177 – Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability
• CVE-2025-21387 – Microsoft Excel Remote Code Execution Vulnerability

3^rd Party Critical CVE’s:

Adobe Products:

• Adobe released 7 patches covering 45 CVE’s in Adobe Commerce, Illustrator, InCopy, InDesign, Photoshop Elements, Substance 3D Designer, and Substance 3D Stager.
  • Commerce
  • Illustrator
  • InCopy
  • InDesign
  • Photoshop Elements
  • Substance 3D Designer
  • Substance 3D Stager

AMD:

• AMD released mitigations and firmware updates to address a vulnerability that can be exploited to load malicious CPU microcode

Apple:

• Apple released a security update for a zero-day exploited in ‘extremely sophisticated’ attacks

Cisco:

• Cisco Released Security Updates for Multiple Products

Dell:

• Dell releases security updates for code execution and security bypass flaws in SONiC OS

Firefox:

• Firefox Fixes Several Vulnerabilities in Firefox 135

Google Chrome:

• Versions 133.0.6943.98/.99 were released for Windows & Apple and version 133.0.6943.98 for Linux on February 12^th .
• This update includes 4 Security Fixes.
• Chrome Release: February 12th 2025

Ivanti:

• Ivanti released security updates for Connect Secure, Neurons for MDM, and Cloud Service Application

SAP:

• SAP Released Security Updates for Multiple Products

About FortressSRM Cyber Hygiene Offering:

Software vulnerabilities are one of the top cyber-attack vectors and one in three breaches are the result of vulnerabilities that were known about and should have been already patched. 

Keeping operating systems and application software patched and secure is time consuming and tedious – an internal IT resource nightmare. Fortress SRM’s Guardian Managed Patching with Monitoring Service delivers automated, high-efficacy (97%+) updates to Microsoft and over 80 third-party software, ensuring efficient patch deployment to every device, whether on or off network. This includes the deployment of critical updates, security updates, feature updates, operating system upgrades, key Windows security setting and configurations. 

The Fortress SRM real-time reporting console includes current patch levels of devices and gives the Client total visibility into what patch related activities have been performed, while real-time patch monitoring provides deep insight into approved, unapproved, pending, and failed patching efforts.

Ready to start the Cyber Hygiene journey? Contact us at: Contact Us | Fortress Security Risk Management (fortresssrm.com)