DNVN - On February 18th, in response to the discovery of 13 new security vulnerabilities in Microsoft products, the Information Security Department issued recommendations to help organizations review their systems, promptly detect and address vulnerabilities, and mitigate the risk of cyberattacks.
The Information Security Department assessed that these 13 security vulnerabilities are highly significant and serious, among the 67 new vulnerabilities announced by Microsoft in the February 2025 patch. Of the newly announced vulnerabilities, 10 allow hackers to execute remote code, including: CVE-2025-21376 in Windows Lightweight Directory Access Protocol; CVE-2025-21400 in Microsoft SharePoint Server; and two vulnerabilities, CVE-2025-21392 and CVE-2025-21397, in Microsoft Office. The five vulnerabilities CVE-2025-21381, CVE-2025-21386, CVE-2025-21387, CVE-2025-21390, CVE-2025-21394 affect Microsoft Excel, and CVE-2025-21379 affects the DHCP Client Service.
In addition, two security vulnerabilities currently being exploited by hackers are CVE-2025-21418 in the Windows Ancillary Function Driver for WinSock and CVE-2025-21391 in Windows Storage. These vulnerabilities allow attackers to perform privilege escalation.
For systems using Windows, organizations should also be aware of the CVE-2025-21377 vulnerability, which can leak NTLM hash codes – a cryptographic format used to store passwords on Windows systems. If exploited, attackers could perform identity spoofing, hijacking user login credentials to access the system.
According to security experts, these serious security vulnerabilities could be exploited by hackers to gain unauthorized access, compromising information security and negatively impacting the systems of agencies, organizations, and businesses.
Therefore, the Information Security Department recommends that agencies, organizations, and businesses thoroughly investigate the vulnerabilities that have been warned about; conduct checks and reviews to identify computers running Windows operating systems that are at risk of being affected. If the system is affected by these security vulnerabilities, it is necessary to quickly deploy patch updates according to Microsoft's instructions. At the same time, units are encouraged to strengthen monitoring and prepare response plans if signs of attack are detected; regularly monitor warning channels from authorities and major organizations in the field of information security to promptly identify network security risks.
Thanh Mai (t/h)
Source: https://doanhnghiepvn.vn/cong-nghe/cuc-an-toan-thong-tin-dua-canh-bao-13-lo-hong-bao-mat-moi-trong-cac-san-pham-cua-microsoft/20250219110930213
![[Photo] Explore the US Navy's USS Robert Smalls warship](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F10%2F1765341533272_11212121-8303-jpg.webp&w=3840&q=75)
![[Video] The craft of making Dong Ho folk paintings has been inscribed by UNESCO on the List of Crafts in Need of Urgent Safeguarding.](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/12/10/1765350246533_tranh-dong-ho-734-jpg.webp)
Comment (0)