CVE-2025-21418 - Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
Project:Microsoft
Product:Windows
Date Added:2025-02-11Due Date:2025-03-04
Vulnerability Name
Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
Description
Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418
https://nvd.nist.gov/vuln/detail/CVE-2025-21418
Related News Articles
Microsoft's Patch Tuesday Fixes 63 Flaws, Including Two Under Active ExploitationFebruary 12, 2025
Microsoft's February Patch a Lighter Lift Than January'sFebruary 12, 2025
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flawsFebruary 12, 2025