There are three bugs of concern in this month’s Windows patch batch.
The Windows Storage Elevation of Privilege bug, tagged as CVE-2025-21391, lets attackers delete targeted files on a system, potentially causing major disruption and service outages.
Microsoft also urged Windows administrators to prioritize CVE-2025-21418, warning that the Windows Ancillary Function Driver for WinSock contains a flaw that provides SYSTEM privileges to an attacker.
Finally, security experts are also calling attention to CVE-2025-21376, which covers a remote code execution bug in the Windows Lightweight Directory Access Protocol (LDAP). “Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in a buffer overflow which could be leveraged to achieve remote code execution,” Microsoft said.
This last bug may be wormable, meaning that an infected LDAP server could infect another LDAP server.
We keep saying this. You have to patch quickly because the hackers move very quickly. High-priority bugs can be weaponized in a day or two, sometimes quicker.
If you have questions or need assistance, please contact us. Credit: Security Week