
Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day

The Microsoft Patch Tuesday machine hummed loudly this month with urgent fixes for a pair of already-exploited Windows zero-days.


The Microsoft Patch Tuesday machine hummed loudly this month with the rollout of urgent fixes for a pair of already-exploited zero-days in its flagship Windows platform.

Redmond’s security response team patched at least 55 documented software defects in Windows OS and applications, and flagged a privilege escalation bug in Windows Storage, along with a code execution issue in the Windows Ancillary Function Driver for WinSock for immediate attention due to active exploitation.

The Windows Storage Elevation of Privilege bug, tagged as CVE-2025-21391, lets attackers delete targeted files on a system, potentially causing major disruption and service outages.

The company also urged Windows administrators to prioritize CVE-2025-21418 as a matter of urgency, warning that the Windows Ancillary Function Driver for WinSock contains a nasty flaw that provides SYSTEM privileges to a successful attacker.

Microsoft slapped critical-severity ratings on three bulletins and noted that two other issues have already been publicly discussed.

Security experts are also calling attention to CVE-2025-21376 which covers a remote code execution bug in the Windows Lightweight Directory Access Protocol (LDAP).


“Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in a buffer overflow which could be leveraged to achieve remote code execution,” Microsoft said.

According to ZDI, a company that tracks software patches, this bug should be considered “wormable” between affected LDAP servers. “Test and deploy the patch quickly,” ZDI said in a bulletin.

Windows users are also being pushed to apply fixes for remote code execution issues in the widely deployed Microsoft Excel spreadsheet product.

The most serious of the Microsoft Excel vulnerabilities, CVE-2025-21387, can be exploited via the Preview Pane, meaning that user interaction is not required for a successful exploit. Multiple patches are necessary to comprehensively fix this issue.

The world’s largest software maker also called attention to two issues, CVE-2025-21194 and CVE-2025-21377, that had already been publicly documented before fixes were available.

These patches address a security feature bypass bug in Microsoft Surface and a spoofing flaw involving NTLM hashes. “This vulnerability discloses a user’s NTLMv2 hash to the attacker who could use this to authenticate as the user,” Microsoft said.

As is customary, Microsoft did not provide Indicators of Compromise (IOCs) or telemetry data to help defenders hunt for signs of compromise.

Related: Adobe Fixes 45 Software Flaws, Warn of Code Execution Risks

Related: iPhone USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack 

Related: High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks

Related: Intel Patched 374 Vulnerabilities in 2024

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
