Microsoft Patches A “Wormable” Windows Bug and A Zero-Day Attack that Deletes Files


Synopsis:

  • This month, the Microsoft Patch Tuesday machine hummed loudly with urgent fixes for two Windows zero-day vulnerabilities in its flagship Windows platform that have already been exploited.


Redmond’s security response team fixed at least 55 documented software flaws in Windows OS and applications. Two of them, a privilege escalation bug in Windows Storage and a code execution issue in the Windows Ancillary Function Driver for WinSock, were flagged for immediate attention because they are being actively exploited.

The Windows Storage elevation of privilege flaw (CVE-2025-21391) lets attackers delete certain files from a system, which could result in significant disruption and service interruptions.


The company also warned that the Windows Ancillary Function Driver for WinSock had a severe weakness that gives a successful attacker SYSTEM rights, and advised Windows administrators to treat CVE-2025-21418 as an urgent priority.

Microsoft rated three bulletins as critical severity and pointed out that two other vulnerabilities have already been publicly disclosed.

Security professionals are also drawing attention to CVE-2025-21376, a remote code execution vulnerability in the Windows Lightweight Directory Access Protocol (LDAP).


To exploit this vulnerability successfully, an attacker must win a race condition. An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. If exploitation is successful, a buffer overflow may occur, which might be used to execute code remotely, according to Microsoft.

ZDI, a software patch tracking company, says that this flaw should be regarded as “wormable” among affected LDAP servers. “Promptly test and implement the patch,” ZDI stated in an advisory.


Fixes for remote code execution problems in the widely used Microsoft Excel spreadsheet program are also being shipped to Windows users.

CVE-2025-21387, the most critical Microsoft Excel vulnerability, can be exploited through the Preview Pane, so no user interaction is needed for the exploit to succeed. It will take several updates to resolve this problem fully.

The biggest software company in the world also drew attention to two vulnerabilities, CVE-2025-21194 and CVE-2025-21377, that had been made public before patches were available.


These patches address a spoofing vulnerability in NTLM Hash and a feature bypass flaw in Microsoft Surface. Microsoft stated that the NTLM vulnerability allows an attacker to obtain a user’s NTLMv2 hash and use it to authenticate as the user.

As is common, Microsoft did not supply telemetry information or Indicators of Compromise (IOCs) to help defenders search for signs of compromise.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
