
In a new alert issued on February 18, AIS urged government agencies, organizations, and businesses nationwide to pay special attention to 13 security vulnerabilities in Microsoft products.
These 13 high-impact, serious flaws are part of Microsoft's February 2025 patch list, which addresses 67 new vulnerabilities.
Of the 13 security vulnerabilities highlighted by AIS, 10 allow remote code execution: CVE-2025-21376 in Windows Lightweight Directory Access Protocol; CVE-2025-21400 in Microsoft SharePoint Server; two vulnerabilities, CVE-2025-21392 and CVE-2025-21397, in Microsoft Office; five vulnerabilities, CVE-2025-21381, CVE-2025-21386, CVE-2025-21387, CVE-2025-21390 and CVE-2025-21394, in Microsoft Excel; and CVE-2025-21379 in DHCP Client Service.
Two further vulnerabilities are currently being exploited by attackers: CVE-2025-21418 in Windows Ancillary Function Driver for WinSock and CVE-2025-21391 in Windows Storage. Both of these flaws allow attackers to perform privilege escalation.
Additionally, those running systems on the Windows operating system have been advised to be cautious about CVE-2025-21377, a vulnerability that causes NTLM hash leakage and allows attackers to perform spoofing attacks. "Detailed information about this vulnerability has been published publicly," AIS reported.
According to experts, these high-impact and serious security vulnerabilities can be exploited by attackers to engage in illegal activities, posing risks to information security and affecting the information systems of agencies, organizations and businesses.
AIS requests that agencies, organizations and businesses review the information on the vulnerabilities covered by the alert, and check, review, and identify computers using the Windows operating system that may be affected.
If systems are found to be affected by these new security vulnerabilities, the best remedy is to apply the patches for these vulnerabilities following Microsoft's guidelines.
In addition, they should enhance monitoring and be prepared to respond when signs of exploitation or cyberattacks are detected.
It is also necessary to regularly follow the channels of regulatory agencies and major organizations concerning information security.
If agencies, organizations, and businesses need support, they can contact the National Cybersecurity Monitoring Center – NCSC under AIS by phone at “02432091616” and via email at “[email protected]”.
NCSC’s January 2025 report showed that in the first month of this year its remote monitoring and scanning system detected over 1,600 vulnerabilities in more than 5,000 systems publicly exposed on the Internet.
Also in January 2025, NCSC recorded 12 new high-impact, serious vulnerabilities that can be exploited to attack the systems of agencies and organizations. These vulnerabilities exist in products commonly used by many agencies, organizations, and businesses in Vietnam.
Van Anh