Microsoft followed January’s major Patch Tuesday update, which included fixes for 159 vulnerabilities, with a more modest crop this month. This time, the update contains fixes for 57 new common vulnerabilities and exposures (CVEs), three of which are important.
The Zero Day Initiative’s Dustin Childs describes one of the vulnerabilities as unprecedented in the wild. This is the Windows Storage elevation of privilege (EoP) vulnerability, CVE-2025-21391.
In a blog post, Childs said: “This is… a kind of bug that we’ve never seen. The vulnerability allows attackers to delete target files. How does this lead to privilege escalation? My colleague, Simon Zuckerbraun, details the technique here. We’ve seen similar issues in the past, but this seems to be the first time this technique has been exploited in the wild. We also have completely lost the system. It could be paired with a code execution bug to take over. We’ll quickly test and deploy this.”
In Computer Weekly’s sister title SearchWindowsServer, Tom Walat highlighted two new zero-day vulnerabilities that Microsoft fixed in the Patch Tuesday update.
“The first new zero-day is the Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2025-21418), rated as important with a CVSS (Common Vulnerability Scoring System) score of 7.8. This bug affects all currently supported Windows desktop and server systems,” he writes.
The second new zero-day is the Windows Storage EoP vulnerability (CVE-2025-21391) commented on by Childs. Walat added: “If successful, an attacker can delete files on the system, causing service disruptions, and take other actions, such as increasing privileges.”
Childs also singled out CVE-2025-21376, a Windows Lightweight Directory Access Protocol (LDAP) remote code execution (RCE) vulnerability. “The vulnerability allows remote, unrecognized attackers to execute code on the affected system simply by sending a malicious request to the target,” he writes. “Because user interactions are not involved, this bug will be decorative between affected LDAP servers. Microsoft lists this as ‘highly exploitable’ so this is It may not be possible, but I treat this as urgent exploitation. Quickly test and deploy patches.”
In the CVE note for this “critical” vulnerability with a CVSS rating of 8.1, Microsoft said: “Successful exploitation can result in buffer overflows, which can be used to enable remote code execution.”
The update also includes several fixes for Microsoft Excel, including one for the RCE vulnerability CVE-2025-21387. “This is one of several Excel fixes where the preview pane is an attack vector, and I’m also confused that Microsoft needs user interaction,” Childs said. “They also need multiple patches to fully address this vulnerability. This can be used to open malicious Excel files or preview malicious attachments in Outlook. This can be exploited by doing so. In any case, make sure you have tested and deployed all the patches you need.”
The vulnerability is one of six Excel flaws that Microsoft fixed this month, in what proved to be a relatively light Patch Tuesday.