February 2025’s Patch Tuesday from Microsoft addressed four zero-day vulnerabilities, two of which are currently under active attack. The update also includes eight additional high-risk flaws from a total of 63 Microsoft CVEs. Notably, CVE-2025-21198, a critical code execution vulnerability, was evaluated as lower risk due to its specific requirements for exploitation.
Affected: Microsoft Windows, Microsoft Edge, Microsoft SharePoint Server
Keypoints:
- February 2025 Patch Tuesday released 63 Microsoft CVEs and four non-Microsoft CVEs.
- Two zero-day vulnerabilities under active attack are CVE-2025-21391 and CVE-2025-21418.
- CVE-2025-21198, a high severity code execution vulnerability, was assessed to have lower exploitation risk.
- Microsoft reported a decrease in vulnerabilities in February compared to January 2025.
- A total of eight additional vulnerabilities were rated as “Exploitation More Likely.”
- Several other vendors also released Patch Tuesday updates on this day.
MITRE Techniques:
- Elevation of Privilege (T1068) – CVE-2025-21391 allows an attacker to delete data, making services unavailable.
- Elevation of Privilege (T1068) – CVE-2025-21418 can permit an attacker to gain system privileges through a heap-based buffer overflow.
- Remote Code Execution (T1203) – CVE-2025-21400 in Microsoft SharePoint Server allows remote code execution.
- Elevation of Privilege (T1068) – Multiple vulnerabilities including CVE-2025-21419/20 and CVE-2025-21184/58 lead to system privilege elevation.
- Remote Code Execution (T1203) – CVE-2025-21376 is classified as an LDAP remote code execution vulnerability.
Indicators of Compromise:
- None explicitly mentioned in the provided text.
Full Story: https://thecyberexpress.com/microsoft-patch-tuesday-february-2025/