DNVN - On February 18, in response to the emergence of 13 new security vulnerabilities in Microsoft products, the Department of Information Security issued recommendations to help units and organizations review their systems, promptly detect and remediate the vulnerabilities, and limit the risk of cyber attacks.
The Department of Information Security determined that these 13 security vulnerabilities have a high and serious impact level and are among 67 new vulnerabilities announced by Microsoft in the February 2025 patch. The list of newly announced vulnerabilities includes 10 that allow hackers to execute code remotely: CVE-2025-21376 in Windows Lightweight Directory Access Protocol; CVE-2025-21400 in Microsoft SharePoint Server; two vulnerabilities, CVE-2025-21392 and CVE-2025-21397, in Microsoft Office; five vulnerabilities, CVE-2025-21381, CVE-2025-21386, CVE-2025-21387, CVE-2025-21390 and CVE-2025-21394, affecting Microsoft Excel; and CVE-2025-21379 in DHCP Client Service.
In addition, two security vulnerabilities are being exploited by hackers in the wild: CVE-2025-21418 in Windows Ancillary Function Driver for WinSock and CVE-2025-21391 in Windows Storage. These vulnerabilities allow attackers to escalate privileges.
For Windows systems, organizations should also be aware of the vulnerability CVE-2025-21377, which can leak NTLM hashes, the cryptographic format used to store passwords on Windows systems. If it is exploited, attackers can carry out spoofing, hijacking user credentials to access the system.
According to security experts, these serious security vulnerabilities can be exploited by hackers to illegally gain access, causing information insecurity and negatively impacting the systems of agencies, organizations and businesses.
Therefore, the Department of Information Security recommends that agencies, organizations and businesses carefully study the vulnerabilities covered by the warning and conduct checks and reviews to identify computers running Windows operating systems that are at risk of being affected. If a system is affected by these security vulnerabilities, patch updates need to be deployed quickly according to Microsoft's instructions. At the same time, units are encouraged to strengthen monitoring and prepare response plans in case signs of attack are detected, and to regularly monitor warning channels from authorities and large organizations in the field of information security to promptly identify risks of network insecurity.
Thanh Mai (compiled)
Source: https://doanhnghiepvn.vn/cong-nghe/cuc-an-toan-thong-tin-dua-canh-bao-13-lo-hong-bao-mat-moi-trong-cac-san-pham-cua-microsoft/20250219110930213