The February update resolves two vulnerabilities categorized as Important by Microsoft, with a heightened emphasis on patching the Windows Ancillary Function Driver for WinSock, which has been exploited in active attacks. CVE-2025-21391 involves a Windows storage flaw that allows file deletions and potentially broader attacks like privilege escalation. Experts emphasize that a lack of user interaction is required for these vulnerabilities to be patched, and previous instances of exploitation have been linked to advanced persistent threat groups, indicating the urgency of addressing these security flaws.
The Windows AFD for WinSock vulnerability has seen active exploitation, making it critical to patch, despite being rated Important by Microsoft.
CVE-2025-21391 could lead to file deletion but poses even greater threats such as privilege escalation and unwanted access to security.
Collection
[
|
...
]