Microsoft's February 2025 Patch Tuesday update fixes 57 vulnerabilities, three of them rated critical, following a much larger January release that addressed 159 issues.
Dustin Childs of the Zero Day Initiative singled out one vulnerability as particularly alarming: CVE-2025-21391, a Windows Storage elevation of privilege (EoP) flaw. He called it unprecedented because it is the first time a file-deletion bug of this kind has been seen exploited in the wild. The flaw lets a low-privileged attacker delete targeted files, which can be turned into a privilege escalation. Childs urged users to test and deploy the patch quickly, since a file-deletion EoP like this is typically chained with a code execution bug to take full control of a system.
In a related piece on SearchWindowsServer, Tom Walat pointed out that this update closes two zero-day vulnerabilities, both already exploited in the wild. The first, CVE-2025-21418, is an elevation of privilege flaw in the Windows Ancillary Function Driver for WinSock (afd.sys), rated important with a CVSS score of 7.8. It affects all supported Windows desktop and server versions.
The second zero-day, CVE-2025-21391, is the same Windows Storage EoP bug Childs discussed. Walat noted that an attacker needs only low privileges and local access to the machine (Microsoft's advisory lists the attack vector as Local, not Network) to delete files and potentially escalate privileges, so this is a post-compromise step rather than an initial entry point.
Childs also flagged CVE-2025-21376, a Windows Lightweight Directory Access Protocol (LDAP) remote code execution (RCE) vulnerability. An unauthenticated attacker can execute code on a vulnerable LDAP server, which in a Windows environment typically means a domain controller, by sending a specially crafted request. Because no user interaction is involved, Childs described the bug as wormable between affected LDAP servers. Microsoft rates it "Exploitation More Likely", so it should be addressed promptly.
Microsoft rated this LDAP vulnerability as critical with a CVSS score of 8.1. The score reflects high attack complexity: exploitation requires winning a race condition, after which a buffer overflow can be triggered and leveraged for remote code execution. Until the patch is in place, domain controllers' LDAP ports should not be reachable from untrusted networks.
Microsoft also issued several fixes for Excel, including CVE-2025-21387, an RCE vulnerability. Its advisory lists the Preview Pane as an attack vector, which sits oddly with the same advisory's note that user interaction is required; in practice the bug is triggered by a malicious Excel file, whether opened directly or rendered as an unsafe preview in Outlook. Childs emphasized the importance of applying all necessary patches, as this was one of six Excel flaws addressed in this relatively light month. Note that Office updates ship separately from the Windows cumulative update, so a patched Windows build says nothing about whether Excel is fixed.
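The practical follow-up to a Patch Tuesday summary is verifying that the fixes actually landed. The PowerShell script below is an added example written for this page; it is not Microsoft's, ZDI's or the article authors' code. It checks three things a practitioner would want after this release: whether a cumulative update dated on or after 11 February 2025 is installed, what the Windows Update Agent still considers missing (and whether a reboot is pending, since unrebooted fixes are not yet in effect), and the installed Office Click-to-Run build, which the Windows hotfix list does not cover. The 11 February date, the function names and the "compare with the release notes" step are assumptions of this example; it must run elevated on the host being checked, and the second check needs reachability to Windows Update or WSUS.

```powershell
# Added example for this article, not Microsoft's or the authors' code.
# Assumptions: run from an elevated PowerShell on the Windows host being
# checked; the Windows Update Agent can reach Windows Update or WSUS.

$patchTuesday = [datetime]'2025-02-11'   # February 2025 Patch Tuesday (assumed anchor date)

function Get-RecentHotFix {
    # Get-HotFix reads the same data as "Installed Updates". Some entries have
    # no InstalledOn value, so drop those before comparing dates.
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn
}

function Get-MissingUpdate {
    # The Windows Update Agent COM API returns updates that are applicable to
    # this host but not installed. MsrcSeverity is populated for security updates.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title    = $u.Title
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = $u.MsrcSeverity
        }
    }
}

function Test-PendingReboot {
    # Windows Update sets this key when an installed update needs a restart;
    # until then the old binaries are still the ones running.
    Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
}

function Get-OfficeClickToRunVersion {
    # Office Click-to-Run patches (the Excel fixes) never show up in Get-HotFix;
    # the installed build is recorded in the registry instead.
    $key = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key -Name VersionToReport).VersionToReport
    }
}

$os = Get-CimInstance Win32_OperatingSystem
"Host: $env:COMPUTERNAME   OS build: $($os.Version)   Last boot: $($os.LastBootUpTime)"

$recent = Get-RecentHotFix
if ($recent) {
    "Updates installed since $($patchTuesday.ToShortDateString()):"
    $recent | Format-Table -AutoSize
} else {
    Write-Warning "No update installed since $($patchTuesday.ToShortDateString()); the February fixes are probably missing."
}

$missing = Get-MissingUpdate
if ($missing) {
    "Updates Windows Update still reports as missing:"
    $missing | Format-Table -AutoSize
} else {
    "Windows Update reports nothing missing."
}

if (Test-PendingReboot) {
    Write-Warning "A reboot is pending; installed fixes are not effective until the host restarts."
}

$office = Get-OfficeClickToRunVersion
if ($office) {
    "Office Click-to-Run build: $office (compare against Microsoft's February 2025 Office release notes)"
} else {
    "No Office Click-to-Run installation found in the registry."
}
```

The hotfix check is a quick local signal, not proof: a cumulative update dated after Patch Tuesday could still be the January package installed late, so the KB list from the Windows Update Agent is the authoritative answer for Windows, and the Office build must be compared against the Office release notes by hand since this script does not hard-code a fixed build number.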