According to the Department of Information Security, of the 13 security vulnerabilities announced this time, 10 vulnerabilities allow attackers to execute code remotely.
Illustration: securityaffairs.com
On February 18, based on warnings about 13 new security vulnerabilities in Microsoft products, the Department of Information Security recommended that units and organizations review their systems to detect and handle them promptly to minimize the risk of cyber attacks.
The Department of Information Security assessed that these are 13 security vulnerabilities with high and serious impact levels, included in the February 2025 patch list, with 67 new vulnerabilities released by global technology company Microsoft.
Notably, of the 13 security vulnerabilities announced this time, there are 10 vulnerabilities that allow attackers to execute code remotely, including: CVE-2025-21376 in Windows Lightweight Directory Access Protocol; CVE-2025-21400 in Microsoft SharePoint Server; 2 vulnerabilities CVE-2025-21392, CVE-2025-21397 in Microsoft Office; 5 vulnerabilities CVE-2025-21381, CVE-2025-21386, CVE-2025-21387, CVE-2025-21390, CVE-2025-21394 in Microsoft Excel, and CVE-2025-21379 in DHCP Client Service.
There are also two security vulnerabilities that are being exploited in the wild by cyber attackers: CVE-2025-21418 in Windows Ancillary Function Driver for WinSock and CVE-2025-21391 in Windows Storage. Both of these vulnerabilities allow attackers to escalate privileges.
Units with systems using Windows operating systems are also required to pay attention to the CVE-2025-21377 vulnerability that exposes NTLM hashes (a cryptographic format used to store user passwords on Windows systems). Attackers can perform spoofing attacks by exploiting this vulnerability, obtaining user passwords, and logging into the system.
According to cybersecurity experts, these security vulnerabilities have a high and serious impact and can be exploited by attackers to carry out illegal activities, causing information security risks and affecting information systems of agencies, organizations and businesses.
Therefore, the Information Security Department recommends that agencies, organizations and businesses study information about the security vulnerabilities that have been warned; check, review and identify computers using the Windows operating system that are likely to be affected.
In case the system is affected by new security vulnerabilities, it is necessary to update the patches for the vulnerabilities according to Microsoft's instructions.
At the same time, units are recommended to strengthen monitoring and prepare response plans when detecting signs of exploitation and cyber attacks; regularly monitor warning channels of authorities and large information security organizations to promptly detect cyber attack risks.
Source: https://tuoitre.vn/canh-bao-13-lo-hong-bao-mat-moi-trong-cac-san-pham-microsoft-20250218212845427.htm
Comment (0)