Summary: Microsoft’s February 2025 Patch Tuesday includes security updates addressing 55 vulnerabilities, among which are four zero-day vulnerabilities, with two actively exploited. The updates fix critical vulnerabilities primarily consisting of remote code execution flaws, and various other vulnerabilities across different categories like elevation of privilege and denial of service. The updates reflect a significant ongoing effort to enhance the security posture of Microsoft products and systems.
Affected: Microsoft and its products, including Windows, Microsoft Office, and Dynamics 365
Keypoints :
- Two actively exploited zero-day vulnerabilities: CVE-2025-21391 (Windows Storage Elevation of Privilege) and CVE-2025-21418 (Windows Ancillary Function Driver for WinSock).
- This Patch Tuesday fixes three critical vulnerabilities and includes a total of 22 remote code execution vulnerabilities.
- Publicly disclosed zero-days include CVE-2025-21194 (Microsoft Surface Security Feature Bypass) and CVE-2025-21377 (NTLM Hash Disclosure Spoofing Vulnerability).