Microsoft’s February Patch Tuesday addresses 63 security vulnerabilities, including two actively exploited zero-days. Update your systems now to protect against these threats.
Microsoft’s February 2025 Patch Tuesday update addresses 63 security vulnerabilities across its product range, including two zero-day exploits actively being used by attackers. Four of these vulnerabilities are classified as critical.
The update covers a variety of vulnerability types, including remote code execution, elevation of privilege, denial of service, spoofing, security feature bypass, information disclosure, and tampering.
Two zero-day vulnerabilities are of particular concern due to their active exploitation.
CVE-2025-21391, an elevation of privilege flaw in Windows Storage, could allow attackers to delete critical system files, potentially causing data loss and service disruptions. While Microsoft states this vulnerability doesn’t expose confidential data, the ability to disrupt services is, nevertheless, a serious concern.
The second actively exploited zero-day, CVE-2025-21418, affects the Ancillary Function Driver for Windows Sockets. This vulnerability enables privilege escalation, potentially granting attackers SYSTEM-level access. Details about the exploitation methods for these vulnerabilities remain undisclosed.
Microsoft is also addressing two publicly disclosed zero-day vulnerabilities. CVE-2025-21194, a hypervisor flaw, could compromise the secure kernel in UEFI-based virtual machines. This vulnerability is speculated to be related to the PixieFail vulnerabilities. Another flaw, CVE-2025-21377, could allow attackers to steal NTLM hashes through minimal user interaction with a malicious file.
Critical vulnerabilities patched in this release include CVE-2025-21376, a remote code execution flaw in Windows Lightweight Directory Access Protocol (LDAP) that allows arbitrary code execution; CVE-2025-21177, a Server-Side Request Forgery vulnerability in Dynamics 365 that may lead to privilege escalation; and CVE-2025-21379 in the DHCP Client Service and CVE-2025-21381 in Microsoft Excel, both of which allow remote code execution.
Another severe flaw addressed was in Microsoft’s High-Performance Compute (HPC) Pack. Tracked as CVE-2025-21198, it is a remote code execution (RCE) vulnerability that allows attackers to achieve RCE on other clusters or nodes connected to the targeted head node by sending a specially crafted HTTPS request.
Microsoft also addressed several high-risk flaws in this update, including vulnerabilities in Microsoft Office SharePoint, Windows Disk Cleanup Tool, Windows CoreMessaging, Windows Win32 Kernel Subsystem, Windows Setup Files Cleanup, Windows DWM Core Library, and others. These vulnerabilities are considered high-risk because of their potential for exploitation and the lack of existing workarounds.
Beyond Microsoft’s updates, other vendors, including Adobe, SAP, and Ivanti, have also released security patches. SAP’s updates address vulnerabilities in BusinessObjects, Supplier Relationship Management, and Approuter, including a critical authorization flaw. Ivanti’s patch fixes a critical OS command injection vulnerability in its Cloud Services Application.
These updates highlight the ongoing need for timely security patching. With actively exploited zero-days and a range of critical vulnerabilities, organizations must prioritize applying these updates to mitigate risks. The sheer volume of vulnerabilities tracked by security platforms is staggering, as illustrated by SOCRadar’s Vulnerability Intelligence dashboard.
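For defenders triaging the zero-days named above, the following PowerShell script (an added example, not part of the article or any Microsoft tooling) queries the Windows Update Agent COM API on the local host and flags any pending updates whose CVE list includes those identifiers. It assumes the host can reach its configured update source (Windows Update or WSUS).

```powershell
# Added example: list pending updates that resolve the February 2025 zero-days
# covered in the article, using the Windows Update Agent (WUA) COM API.
$ZeroDays = @('CVE-2025-21391', 'CVE-2025-21418', 'CVE-2025-21194', 'CVE-2025-21377')

$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
# Restrict the search to updates not yet installed on this machine.
$result   = $searcher.Search('IsInstalled=0')

$findings = foreach ($update in $result.Updates) {
    # IUpdate2.CveIDs enumerates the CVEs an update addresses (empty for most non-security updates).
    $cves = @($update.CveIDs)
    $hits = $cves | Where-Object { $ZeroDays -contains $_ }
    if ($hits) {
        [pscustomobject]@{
            Title      = $update.Title
            KB         = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            MatchedCVE = $hits -join ','
            Downloaded = $update.IsDownloaded
        }
    }
}

if ($findings) {
    Write-Warning 'Pending updates cover actively exploited or publicly disclosed CVEs:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No pending update references the listed CVEs (already installed, or not yet offered to this host).'
}
```

An empty result is not proof of patching: the update may simply not have been offered yet, so confirm against the installed update history or your patch-management inventory.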
Expert’s Comments:
Mr. Saeed Abbasi, Manager of Vulnerability Research at Qualys Threat Research Unit, told Hackread.com that CVE-2025-21391, though appearing as a file deletion bug, is actively exploited and far more dangerous when combined with code execution. While it doesn’t threaten confidentiality, it severely impacts integrity and availability, potentially crippling servers. Attackers can exploit it to delete critical system files, replacing them with weakly secured versions, and ultimately gaining SYSTEM-level access. Abbasi warns this is no minor flaw; it’s a stealthy path to full system control.