Tripwire Patch Priority Index for February 2025
Tripwire’s February 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve 4 remote code execution and 2 spoofing vulnerabilities.
Next on the list are patches for Microsoft Office and Excel. These patches resolve 8 issues such as remote code execution and information disclosure vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 30 vulnerabilities, including elevation of privilege, information disclosure, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Telephony, PC Manager, Internet Connection Sharing, RRAS, Message Queuing, and various others.
Up next are patches for Visual Studio and Visual Studio Code that resolve 3 elevation of privilege vulnerabilities.
Lastly, administrators should focus on server-side patches for SharePoint, Remote Desktop Services, Active Directory Domain Services, DHCP Server, and LDAP. These patches resolve denial of service, remote code execution, and tampering vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Edge (Chromium-based) | CVE-2025-21342, CVE-2025-21283, CVE-2025-21408, CVE-2025-21279, CVE-2025-21267, CVE-2025-21404 |
| Microsoft Office | CVE-2025-21392, CVE-2025-21397 |
| Microsoft Office Excel | CVE-2025-21383, CVE-2025-21387, CVE-2025-21386, CVE-2025-21381, CVE-2025-21390, CVE-2025-21394 |
| Microsoft Windows | CVE-2025-21337, CVE-2023-32002, CVE-2025-21190, CVE-2025-21406, CVE-2025-21200, CVE-2025-21407, CVE-2025-21371, CVE-2025-21377, CVE-2025-21373, CVE-2025-24036, CVE-2025-21198, CVE-2025-21420, CVE-2025-21418, CVE-2025-21358, CVE-2025-21184, CVE-2025-21367, CVE-2025-21359, CVE-2025-21414, CVE-2025-21201, CVE-2025-21419, CVE-2025-21322, CVE-2025-21352, CVE-2025-21216, CVE-2025-21212, CVE-2025-21254, CVE-2025-21208, CVE-2025-21410, CVE-2025-21181, CVE-2025-21350, CVE-2025-21347, CVE-2025-21369, CVE-2025-21368, CVE-2025-21391, CVE-2025-21179, CVE-2025-21182, CVE-2025-21183 |
| Visual Studio and Visual Studio Code | CVE-2025-21206, CVE-2025-24039, CVE-2025-24042 |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-21376 |
| Active Directory Domain Services | CVE-2025-21351 |
| Microsoft Office SharePoint | CVE-2025-21400 |
| Windows DHCP Server | CVE-2025-21379 |
| Windows Remote Desktop Services | CVE-2025-21349 |
