Microsoft’s February Patch Tuesday 2025 update addresses 55 vulnerabilities, including four zero-day flaws, two of which are actively exploited in real-world attacks.
Key Security Fixes
This update resolves three critical remote code execution vulnerabilities and various other security issues:
- 19 privilege escalation bugs
- 2 security feature bypass bugs
- 22 remote code execution bugs
- 1 information disclosure bug
- 9 denial of service bugs
- 3 spoofing bugs
These numbers exclude a critical privilege escalation flaw in Microsoft Dynamics 365 Sales and 10 Microsoft Edge vulnerabilities, which were fixed separately on February 6.
Actively Exploited Zero-Day Vulnerabilities
The two most critical zero-days patched this month are:
- CVE-2025-21391 – A privilege escalation vulnerability in Windows Storage that allows attackers to delete target files. While this does not expose sensitive data, it could make the system unavailable.
- CVE-2025-21418 – A privilege escalation flaw in the Ancillary Function Driver for WinSock. Attackers could gain SYSTEM privileges, but Microsoft has not disclosed specific attack details, adds NIX Solutions.
Other Notable Zero-Day Fixes
Two additional zero-days were publicly disclosed before this update:
- CVE-2025-21194 – A security feature bypass bug in Microsoft Surface that allows attackers to circumvent UEFI protections. Microsoft linked this to virtual machines on UEFI host machines, while French cybersecurity firm Quarkslab suggested it may relate to the PixieFail vulnerabilities affecting the IPv6 network protocol stack.
- CVE-2025-21377 – A spoofing vulnerability that exposes NTLM hashes, enabling pass-the-hash attacks. Microsoft warns that minimal user interaction, such as a single click on a malicious file, can trigger this exploit.
These updates address critical security risks, yet we’ll keep you updated as more security patches become available.