Microsoft’s February 2025 Patch Tuesday addresses a total of 55 vulnerabilities, including four zero-day vulnerabilities, with three categorized as critical due to remote code execution risks. Key vulnerabilities include privilege escalation flaws in Windows Storage and WinSock Drivers, actively exploited in the wild. The update reinforces the importance of timely patching to mitigate security risks. Affected: Microsoft Windows, Microsoft Edge, Microsoft Office, Microsoft Dynamics 365, Microsoft Surface
Keypoints :
- February 2025 Patch Tuesday includes 55 security fixes.
- Four zero-day vulnerabilities were addressed, including two actively exploited.
- Three critical remote code execution vulnerabilities were resolved.
- Notable vulnerabilities: CVE-2025-21391 and CVE-2025-21418, both privilege escalation issues.
- Security updates for various platforms like Microsoft Edge and Microsoft Office were included.
- Importance of promptly applying updates to maintain security integrity is emphasized.
MITRE Techniques :
- Privilege Escalation (T1068) – CVE-2025-21391 & CVE-2025-21418 allow attackers to elevate privileges on the Windows system.
- Exploitation for Client Execution (T1203) – Multiple vulnerabilities in Microsoft Office relevant to remote code execution.
- Application Layer Protocol (T1071) – Vulnerabilities in Microsoft Edge and Dynamics 365 impact network protocols.
Indicator of Compromise :
- [CVE ID] CVE-2025-21391
- [CVE ID] CVE-2025-21418
- [CVE ID] CVE-2025-21194
- [CVE ID] CVE-2025-21377
- [CVE ID] CVE-2025-21382
Full Story: https://www.prsol.cc/2025/02/13/microsoft-february-2025-patch-tuesday-fixes-4-zero-days-55-flaws/
Views: 63