CVE-2025-21379 — Use After Free in Microsoft Windows 11 Version 24h2

CWE-416 — Use After Free9 documents7 sources

Severity

7.1HIGHNVD

EPSS

1.2%

top 20.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 11 Version 24h2 Microsoft Windows Server 2025 Microsoft Windows 11 24h2 +3 more

Timeline

PublishedFeb 11

Description

DHCP Client Service Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages7 packages

▶NVDmicrosoft/windows< 10.0.26100.3194

▶NVDmicrosoft/windows_11_24h2< 10.0.26100.3194

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.3194

▶CVEListV5microsoft/windows_11_version_24h210.0.26100.0 — 10.0.26100.3194

▶msrcmsrc/windows_server_2025

Patches

Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-75j8-9mw5-6mp8: DHCP Client Service Remote Code Execution Vulnerability↗2025-02-11

▶

📋Vendor Advisories

Microsoft

DHCP Client Service Remote Code Execution Vulnerability↗2025-02-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities↗2025-02-11

▶

Talos

Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities↗2025-02-11

▶

Qualys

Microsoft and Adobe Patch Tuesday, February 2025 Security Update Review↗2025-02-11

▶

Qualys

Microsoft and Adobe Patch Tuesday, February 2025 Security Update Review | Qualys↗2025-02-11

▶

Bleepingcomputer

Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws↗2025-02-11

▶