5 min read
By: RedLegg Blog
*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.
VULNERABILITIES
Windows Storage Elevation of Privilege Vulnerability
CVSS Score: 7.1 (High)
Identifier: CVE-2025-21391
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-21391 – Microsoft Security Advisory
Description: CVE-2025-21391 is an elevation of privilege vulnerability in Windows Storage. This flaw allows a local, authenticated attacker to delete targeted files on a system, potentially leading to service disruption. While it does not permit the disclosure of confidential information, the unauthorized deletion of critical files can render services unavailable.
Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.
Note: Given the active exploitation of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS Score: 7.8 (High)
Identifier: CVE-2025-21418
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-21418 – Microsoft Security Advisory
Description: CVE-2025-21418 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver (AFD) for WinSock. This flaw allows a local, authenticated attacker to execute code with SYSTEM privileges by running a specially crafted program. Successful exploitation could lead to a complete system compromise. Microsoft has reported active exploitation of this vulnerability in the wild.
Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.
Note: Given the active exploitation of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.
