Today’s VERT Alert addresses Microsoft’s February 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1143 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
A vulnerability in Windows Storage could lead to elevation of privilege; however, it is important to note that this would not give complete access to the file system. Instead, it only allows attackers to delete files they wouldn’t otherwise have permission to remove. Microsoft has reported this vulnerability as Exploitation Detected.
A vulnerability in the Windows Ancillary Function Driver (AFD) for WinSock could allow for an elevation of privilege to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.
A vulnerability has been disclosed that could allow the disclosure of a user’s NTLMv2 hash. In addition to installing regular security updates, some users may have to install an IE cumulative update for older operating systems like Server 2008, Server 2008 R2, and Server 2012 R2. Microsoft has reported this vulnerability as Exploitation More Likely.
This security feature bypass vulnerability on Surface devices is related to virtual machines and could allow attackers to bypass UEFI, compromising the hypervisor. It is important to note that only Surface devices are impacted by this vulnerability. Microsoft has reported this vulnerability as Exploitation Less Likely.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
Tag | CVE Count | CVEs |
--- | --- | --- |
Azure Network Watcher | 1 | CVE-2025-21188 |
Visual Studio | 1 | CVE-2025-21206 |
Active Directory Domain Services | 1 | CVE-2025-21351 |
Windows Internet Connection Sharing (ICS) | 4 | CVE-2025-21352, CVE-2025-21212, CVE-2025-21216, CVE-2025-21254 |
Microsoft Digest Authentication | 2 | CVE-2025-21368, CVE-2025-21369 |
Microsoft Streaming Service | 1 | CVE-2025-21375 |
Windows LDAP - Lightweight Directory Access Protocol | 1 | CVE-2025-21376 |
Windows DHCP Server | 1 | CVE-2025-21379 |
Microsoft Office Excel | 6 | CVE-2025-21383, CVE-2025-21381, CVE-2025-21386, CVE-2025-21387, CVE-2025-21390, CVE-2025-21394 |
Windows Resilient File System (ReFS) Deduplication Service | 2 | CVE-2025-21182, CVE-2025-21183 |
Windows Storage | 1 | CVE-2025-21391 |
Windows Ancillary Function Driver for WinSock | 1 | CVE-2025-21418 |
Windows Setup Files Cleanup | 1 | CVE-2025-21419 |
Windows Disk Cleanup Tool | 1 | CVE-2025-21420 |
Open Source Software | 1 | CVE-2023-32002 |
Microsoft AutoUpdate (MAU) | 1 | CVE-2025-24036 |
Visual Studio Code | 2 | CVE-2025-24039, CVE-2025-24042 |
Outlook for Android | 1 | CVE-2025-21259 |
Microsoft Dynamics 365 Sales | 1 | CVE-2025-21177 |
Microsoft Edge (Chromium-based) | 9 | CVE-2025-0444, CVE-2025-0445, CVE-2025-0451, CVE-2025-21342, CVE-2025-21267, CVE-2025-21279, CVE-2025-21283, CVE-2025-21404, CVE-2025-21408 |
Microsoft Edge for iOS and Android | 1 | CVE-2025-21253 |
Microsoft Surface | 1 | CVE-2025-21194 |
Windows Routing and Remote Access Service (RRAS) | 2 | CVE-2025-21208, CVE-2025-21410 |
Windows Telephony Service | 5 | CVE-2025-21406, CVE-2025-21407, CVE-2025-21190, CVE-2025-21200, CVE-2025-21371 |
Windows Telephony Server | 1 | CVE-2025-21201 |
Microsoft Windows | 1 | CVE-2025-21337 |
Windows Update Stack | 1 | CVE-2025-21347 |
Windows Remote Desktop Services | 1 | CVE-2025-21349 |
Windows Kerberos | 1 | CVE-2025-21350 |
Windows CoreMessaging | 2 | CVE-2025-21358, CVE-2025-21184 |
Windows Kernel | 1 | CVE-2025-21359 |
Windows Win32 Kernel Subsystem | 1 | CVE-2025-21367 |
Windows NTLM | 1 | CVE-2025-21377 |
Microsoft Office | 2 | CVE-2025-21392, CVE-2025-21397 |
Microsoft Office SharePoint | 1 | CVE-2025-21400 |
Windows DHCP Client | 1 | CVE-2025-21179 |
Windows Message Queuing | 1 | CVE-2025-21181 |
Microsoft PC Manager | 1 | CVE-2025-21322 |
Windows DWM Core Library | 1 | CVE-2025-21414 |
Windows Installer | 1 | CVE-2025-21373 |
Mariner | 74 | CVE-2017-17522, CVE-2024-7264, CVE-2022-32746, CVE-2020-22217, CVE-2024-35849, CVE-2024-27433, CVE-2024-4323, CVE-2024-25629, CVE-2020-15999, CVE-2024-22667, CVE-2024-45310, CVE-2024-24786, CVE-2023-3297, CVE-2021-32142, CVE-2015-1029, CVE-2023-45853, CVE-2024-53263, CVE-2024-45338, CVE-2022-32149, CVE-2024-3727, CVE-2024-6104, CVE-2022-49043, CVE-2022-47022, CVE-2023-45288, CVE-2007-4559, CVE-2017-18207, CVE-2024-52338, CVE-2019-20907, CVE-2021-23336, CVE-2024-28180, CVE-2024-9681, CVE-2024-34062, CVE-2024-32021, CVE-2024-32020, CVE-2024-32465, CVE-2024-50349, CVE-2024-52006, CVE-2025-23083, CVE-2024-7383, CVE-2021-20286, CVE-2023-39325, CVE-2022-40898, CVE-2019-14584, CVE-2023-40546, CVE-2022-28737, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2024-9676, CVE-2020-27840, CVE-2024-37535, CVE-2023-1393, CVE-2021-20277, CVE-2019-3833, CVE-2023-27043, CVE-2019-3816, CVE-2019-9674, CVE-2012-6708, CVE-2015-9251, CVE-2024-35827, CVE-2013-2094, CVE-2025-22134, CVE-2024-51744, CVE-2023-3978, CVE-2022-41723, CVE-2024-53899, CVE-2024-43806, CVE-2024-45339, CVE-2012-6655, CVE-2024-40897, CVE-2022-4055, CVE-2019-11358, CVE-2023-47108, CVE-2022-23901 |
Microsoft High Performance Compute Pack (HPC) Linux Node Agent | 1 | CVE-2025-21198 |
Other Information
At the time of publication, there were no new advisories included with the January Security Guidance.