Zero Day Initiative — The February 2025 Security Update Review

As we navigate through the second Patch Tuesday of 2025, the tech landscape continues to evolve, with Microsoft and Adobe unveiling their latest security patches. This month’s updates are particularly noteworthy, addressing a range of vulnerabilities that could potentially impact users and organizations alike.

Adobe Patches for February 2025

Adobe has rolled out seven bulletins this February, tackling a total of 45 CVEs across various products, including Adobe InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer, and Adobe Photoshop Elements. The most significant update comes from Adobe Commerce, which addresses 31 CVEs. The other bulletins break down as follows:

  • InDesign: The update resolves seven bugs, four of which are rated Critical.
  • Illustrator: Three critical bugs could lead to arbitrary code execution when a malicious file is opened.
  • Substance 3D Stager: A single DoS bug has been fixed.
  • InCopy: This patch addresses a critical-rated code execution vulnerability.
  • Substance 3D Designer: Similar to InCopy, this patch also fixes a critical-rated code execution issue.
  • Photoshop Elements: An important-rated privilege escalation vulnerability has been addressed.

Importantly, none of the vulnerabilities patched by Adobe this month are publicly known or under active attack at the time of release. The updates carry a deployment priority rating of 3.

Microsoft Patches for February 2025

On the Microsoft front, the company has released patches for 57 new CVEs affecting Windows and its components, Office, Azure, Visual Studio, and Remote Desktop Services. This brings the total count to 67 CVEs when including third-party submissions through the Trend ZDI program. The severity ratings for this month’s patches are as follows:

  • 3 rated Critical
  • 53 rated Important
  • 1 rated Moderate

After a series of record-breaking releases, this month’s volume of fixes aligns more closely with industry expectations, and there is hope that this trend will continue throughout 2025. Notably, two of the vulnerabilities are publicly known, while two others are under active attack. Here’s a closer look at some of the more critical updates:

  • CVE-2025-21391 – Windows Storage Elevation of Privilege Vulnerability: This vulnerability allows attackers to delete targeted files, leading to privilege escalation. It’s a type of bug not previously seen exploited publicly, making it imperative to test and deploy the patch swiftly.
  • CVE-2025-21418 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability: This traditional privilege escalation vulnerability requires an authenticated user to run a specially crafted program. While Microsoft hasn’t disclosed the extent of the attacks, rapid testing and deployment of the patch is advised.
  • CVE-2025-21376 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability: This allows a remote, unauthenticated attacker to execute code on an affected system by sending a malicious request. Given its potential for worm-like exploitation, prompt action is recommended.
  • CVE-2025-21387 – Microsoft Excel Remote Code Execution Vulnerability: This vulnerability can be exploited through the Preview Pane in Excel, requiring user interaction. Multiple patches are necessary to fully address this issue, so thorough testing and deployment are essential.

For a comprehensive overview of all the CVEs released by Microsoft this month, further details can be found in their official documentation.
