Security News > 2025 > February > Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)

February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 and CVE-2025-21391 CVE-2025-21418 is a vulnerability in the Windows Ancillary Function Driver (AFD.sys), which interfaces with the Windows Sockets API to enable Windows applications to connect to the internet. It can be exploited by attackers to elevate privileges on the target host. “An authenticated user would need to run … More → The post Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) appeared first on Help Net Security.

News URL

https://www.helpnetsecurity.com/2025/02/11/microsoft-fixes-exploited-zero-days-cve-2025-21418-cve-2025-21391-patch-tuesday/