Microsoft has addressed 63 security vulnerabilities in its software, including two critical vulnerabilities that are actively exploited: CVE-2025-21391 and CVE-2025-21418. These vulnerabilities pose a threat of deletion of important files and privilege escalation, potentially allowing full control over systems. Microsoft emphasized that while one of the vulnerabilities may not disclose confidential information, it can disrupt service by deleting data. The update is significant given previous exploits involving similar vulnerabilities, especially linked to advanced threat actors like North Korea's Lazarus Group.
An attacker would only be able to delete targeted files on a system... but could allow an attacker to delete data that could include data that results in the service being unavailable.
CVE-2025-21418...could be exploited to achieve SYSTEM privileges, potentially allowing attackers to gain complete control over a targeted system.
Collection
[
|
...
]