Microsoft security alert.
February 11, 2025
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 52 vulnerabilities that were fixed in 8 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 8 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft SharePoint Server Security Update for February 2025
- Severity
- Critical 4
- Qualys ID
- 110488
- Vendor Reference
- KB5002678, KB5002681, KB5002685
- CVE Reference
- CVE-2025-21400
- CVSS Scores
- Base 9 / Temporal 6.7
- Description
-
Microsoft has released the February 2025 security update to fix Remote Code Execution vulnerabilities in SharePoint Server versions 2016 and 2019 and in SharePoint Subscription Edition.
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Sharepoint via the Windows Registry. Below is the mapping of the Filename, patched version, and KB details checked for each applicable Product:
WSSSETUP.DLL - 16.0.5487.1000 (KB5002685)
ONETUTIL.DLL - 16.0.10416.20050 (KB5002678)
mssmsg.dll - 16.0.17928.20396 (KB5002681)
- Consequence
-
Vulnerable SharePoint may be prone to Remote Code Execution Vulnerabilities.
- Solution
-
Customers are advised to refer to the below Article:
CVE-2025-21400 for more information regarding the vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21400
-
Microsoft Office Security Update for February 2025
- Severity
- Critical 4
- Qualys ID
- 110489
- Vendor Reference
- KB5002179, KB5002679, KB5002684, KB5002686, KB5002687, Office Click-2-Run and Office 365 Release Notes, Office Release Notes for Mac
- CVE Reference
- CVE-2025-21381, CVE-2025-21383, CVE-2025-21386, CVE-2025-21387, CVE-2025-21390, CVE-2025-21392, CVE-2025-21394, CVE-2025-21397
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released the February 2025 security updates to fix Remote Code Execution and Information Disclosure vulnerabilities.
This security update contains the following:
KB5002179
KB5002684
KB5002686
KB5002687
KB5002679
Office Release Notes for Mac and
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution and Information Disclosure vulnerabilities.
- Solution
-
Customers are advised to refer to these Article(s):
CVE-2025-21381,
CVE-2025-21383,
CVE-2025-21386,
CVE-2025-21387,
CVE-2025-21390,
CVE-2025-21392,
CVE-2025-21394, and
CVE-2025-21397 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21381
CVE-2025-21383
CVE-2025-21386
CVE-2025-21387
CVE-2025-21390
CVE-2025-21392
CVE-2025-21394
CVE-2025-21397
-
Microsoft Visual Studio Code Security Update for February 2025
- Severity
- Critical 4
- Qualys ID
- 382812
- Vendor Reference
- CVE-2025-24039, CVE-2025-24042
- CVE Reference
- CVE-2025-24039, CVE-2025-24042
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual Studio Code prior to version 1.97.1
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
-
A successful attack allows the attacker to gain elevated privileges.
- Solution
-
Customers are advised to refer to CVE-2025-24039 and CVE-2025-24042 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24039
CVE-2025-24042
-
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability for February 2025
- Severity
- Serious 3
- Qualys ID
- 382813
- Vendor Reference
- CVE-2025-24036
- CVE Reference
- CVE-2025-24036
- CVSS Scores
- Base 6 / Temporal 4.4
- Description
-
An elevation of privilege vulnerability exists in the Microsoft AutoUpdate (MAU) application for Mac that could allow an attacker to perform commands as Root in the target environment.
Affected Software:
Microsoft AutoUpdate for Mac version prior to 4.77
QID Detection Logic (Authenticated):
The authenticated check looks for installed Mac packages.
- Consequence
-
An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.
- Solution
-
The vendor has released a patch. Please refer to the Microsoft Security Advisory for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24036
-
Microsoft PC Manager Elevation of Privilege Vulnerability for February 2025
- Severity
- Critical 4
- Qualys ID
- 92212
- Vendor Reference
- CVE-2025-21322
- CVE Reference
- CVE-2025-21322
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft PC Manager is a utility app for your PC. It offers features such as one-click boost, storage clean-up, file management, and protection of your default settings from unauthorized changes.
QID Detection Logic:
This authenticated QID runs a WMI query to fetch the Microsoft PC Manager app version.
- Consequence
-
An authenticated attacker could exploit this vulnerability to execute arbitrary code on the targeted system with elevated privileges.
- Solution
-
Customers are advised to refer to CVE-2025-21322 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-21322
-
Microsoft Windows Server Security Update for February 2025
- Severity
- Critical 4
- Qualys ID
- 92213
- Vendor Reference
- KB5051979, KB5051980, KB5051987, KB5052000, KB5052006, KB5052016, KB5052020, KB5052032, KB5052038, KB5052042, KB5052072, KB5052105, KB5052106
- CVE Reference
- CVE-2025-21179, CVE-2025-21181, CVE-2025-21182, CVE-2025-21183, CVE-2025-21184, CVE-2025-21190, CVE-2025-21200, CVE-2025-21201, CVE-2025-21208, CVE-2025-21212, CVE-2025-21216, CVE-2025-21254, CVE-2025-21337, CVE-2025-21347, CVE-2025-21349, CVE-2025-21350, CVE-2025-21351, CVE-2025-21352, CVE-2025-21358, CVE-2025-21359, CVE-2025-21367, CVE-2025-21368, CVE-2025-21369, CVE-2025-21371, CVE-2025-21373, CVE-2025-21375, CVE-2025-21376, CVE-2025-21377, CVE-2025-21379, CVE-2025-21391, CVE-2025-21406, CVE-2025-21407, CVE-2025-21410, CVE-2025-21414, CVE-2025-21418, CVE-2025-21419, CVE-2025-21420
- CVSS Scores
- Base 5.4 / Temporal 4.3
- Description
-
Microsoft Windows Server Security Update for February 2025
Affected Operating System: Windows Server 2008, Windows Server 2022, Windows Server 2019, Windows Server 2012, Windows Server 2016, Windows Server 2025
KB5052016
KB5051979
KB5051980
KB5052000
KB5052072
KB5052032
KB5052020
KB5052042
KB5052006
KB5052038
KB5051987
KB5052105
KB5052106
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5052016
KB5051979
KB5051980
KB5052000
KB5052072
KB5052032
KB5052020
KB5052042
KB5052006
KB5052038
KB5051987
KB5052105
KB5052106
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5051979
KB5051980
KB5051987
KB5052000
KB5052006
KB5052016
KB5052020
KB5052032
KB5052038
KB5052042
KB5052072
KB5052105
KB5052106
-
Microsoft Visual Studio Security Update for February 2025
- Severity
- Urgent 5
- Qualys ID
- 92214
- Vendor Reference
- CVE-2023-32002, CVE-2025-21206
- CVE Reference
- CVE-2023-32002, CVE-2025-21206
- CVSS Scores
- Base 0 / Temporal 0
- Description
-
Microsoft has released February 2025 security updates for Visual Studio to fix Remote Code Execution and Elevation of Privilege vulnerabilities.
Affected Versions:
Microsoft Visual Studio 2022 version 17.12 prior to 17.12.5
Microsoft Visual Studio 2022 version 17.10 prior to 17.10.11
Microsoft Visual Studio 2022 version 17.8 prior to 17.8.18
Microsoft Visual Studio 2019 version 16.0 prior to 16.11.44
Microsoft Visual Studio 2017 version 15.0 prior to 15.9.70
QID Detection Logic (Authenticated):
Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key HKLM\SOFTWARE\Microsoft and the version of the file devenv.exe. For Visual Studio 2015 Update 3, this QID checks the version of the DiagnosticsHub.StandardCollector.Runtime.dll file.
- Consequence
-
Vulnerable versions of Visual Studio may be prone to one or more of these vulnerabilities: Remote Code Execution and/or Elevation of Privileges.
- Solution
-
Customers are advised to refer to:
CVE-2025-21206 and
CVE-2023-32002
for further patch details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-32002
CVE-2025-21206
-
Microsoft Windows Security Update for February 2025
- Severity
- Critical 4
- Qualys ID
- 92215
- Vendor Reference
- KB5051974, KB5051987, KB5051989, KB5052000, KB5052006, KB5052040
- CVE Reference
- CVE-2025-21179, CVE-2025-21181, CVE-2025-21182, CVE-2025-21183, CVE-2025-21184, CVE-2025-21190, CVE-2025-21200, CVE-2025-21201, CVE-2025-21208, CVE-2025-21212, CVE-2025-21216, CVE-2025-21254, CVE-2025-21337, CVE-2025-21347, CVE-2025-21349, CVE-2025-21350, CVE-2025-21351, CVE-2025-21352, CVE-2025-21358, CVE-2025-21359, CVE-2025-21367, CVE-2025-21368, CVE-2025-21369, CVE-2025-21371, CVE-2025-21373, CVE-2025-21375, CVE-2025-21376, CVE-2025-21377, CVE-2025-21379, CVE-2025-21391, CVE-2025-21406, CVE-2025-21407, CVE-2025-21410, CVE-2025-21414, CVE-2025-21418, CVE-2025-21419, CVE-2025-21420
- CVSS Scores
- Base 5.4 / Temporal 4.3
- Description
-
Microsoft Windows Security Update for February 2025
Affected Operating System: Windows 10, Windows 11
KB5052000
KB5051974
KB5052040
KB5052006
KB5051989
KB5051987
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5052000
KB5051974
KB5052040
KB5052006
KB5051989
KB5051987
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5051974
KB5051987
KB5051989
KB5052000
KB5052006
KB5052040
These new vulnerability checks are included in Qualys vulnerability signature 2.6.254-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110488
- 110489
- 382812
- 382813
- 92212
- 92213
- 92214
- 92215
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.