Microsoft has addressed a critical vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) in the February 2025 Patch Tuesday security updates. The Microsoft Security Response Center website has more information about the patch and the other vulnerabilities addressed.

Microsoft’s February 2025 Patch Tuesday addressed 67 vulnerabilities, including three critical and 53 essential severity vulnerabilities. The updates include patches for vulnerabilities in Microsoft Streaming Service, Windows LDAP, Windows NTLM, Windows DHCP Server, Microsoft Edge (Chromium-based), and Microsoft PC Manager.

In its February 2025 Patch Tuesday release, Microsoft addressed this vulnerability. The patch includes fixes for 55 security flaws, among them four zero-day vulnerabilities, two of which are currently being exploited in the wild. The vulnerability was reported anonymously to Microsoft, and a security researcher subsequently published a proof-of-concept (PoC) exploit on GitHub. The types of vulnerabilities fixed include Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, and Remote Code Execution (RCE).

The PoC exploit demonstrates DLL sideloading with cleanmgr.exe. DLL sideloading is a technique that enables an attacker to execute malicious code from within legitimate Windows binaries.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Feb 2025 04:15:10 +0000