Today is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including 4 zero-day vulnerabilities, with two actively exploited in attacks.
This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities.
The number of bugs in each vulnerability category is listed below:
- 19 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 22 Remote Code Execution Vulnerabilities
- 1 Information Disclosure Vulnerability
- 9 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
The above numbers do not include a critical Microsoft Dynamics 365 Sales elevation of privileges flaw and 10 Microsoft Edge vulnerabilities fixed on February 6.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5051987 & KB5051989 cumulative updates and the Windows 10 KB5051974 update.
Two actively exploited zero-days disclosed
This month’s Patch Tuesday fixes two actively exploited and two publicly exposed zero-day vulnerabilities.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The actively exploited zero-day vulnerabilities in today’s updates are:
CVE-2025-21391 – Windows Storage Elevation of Privilege Vulnerability
Microsoft has fixed an actively exploited elevation of privileges vulnerability that can be used to delete files.
“An attacker would only be able to delete targeted files on a system,” reads Microsoft’s advisory.
“This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable,” continued Microsoft.
No information has been released about how this flaw was exploited in attacks and who disclosed it.
CVE-2025-21418 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
The second actively exploited vulnerability allows threat actors to gain SYSTEM privileges in Windows.
It is unknown how it was used in attacks, and Microsoft says this flaw was disclosed anonymously.
The publicly disclosed zero-days are:
CVE-2025-21194 – Microsoft Surface Security Feature Bypass Vulnerability
Microsoft says that this flaw is a hypervisor vulnerability that allows attacks to bypass UEFI and compromise the secure kernel.
“This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine,” explains Microsoft’s advisory.
“On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.”
Microsoft says that Francisco Falcón and Iván Arce of Quarkslab found the vulnerability.
While Microsoft did not share many details about the flaw, it is likely linked to the PixieFail flaws disclosed by the researchers last month.
PixieFail is a set of 9 vulnerabilities that impact the IPv6 network protocol stack of Tianocore’s EDK II, which is used by Microsoft Surface and the company’s hypervisor products.
CVE-2025-21377 – NTLM Hash Disclosure Spoofing Vulnerability
Microsoft fixed a publicly disclosed bug that exposes a Windows user’s NTLM hashes, allowing a remote attacker to potentially log in as the user.
“Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability,” explains Microsoft’s advisory.
While Microsoft has not shared many details about the flaw, it likely acts like other NTLM hash disclosure flaws, where simply interacting with a file rather than opening it could cause Windows to remotely connect to a remote share. When doing so, an NTLM negotiation passes the user’s NTLM hash to the remote server, which the attacker can collect.
These NTLM hashes can then be cracked to get the plain-text password or used in pass-the-hash attacks.
Microsoft says this flaw was discovered by Owen Cheung, Ivan Sheung, and Vincent Yau with Cathay Pacific, Yorick Koster of Securify B.V., and Blaz Satler with 0patch by ACROS Security.
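One way a defender can look for the behaviour described above, where Windows connects out to a remote share and begins NTLM negotiation, is to flag SMB connections that leave the internal network. This is an added example, not code from the article or from Microsoft's advisory; the log lines are constructed, and the flat key=value layout and the internal address ranges are assumptions.

```python
import ipaddress
import re

# Constructed sample records (not real telemetry). Field names follow Sysmon
# Event ID 3 (network connection); the flat key=value layout is an assumption.
SAMPLE_EVENTS = r"""
UtcTime=2025-02-11T09:14:02Z Image=C:\Windows\explorer.exe User=CORP\alice DestinationIp=10.20.0.15 DestinationPort=445
UtcTime=2025-02-11T09:14:40Z Image=C:\Windows\explorer.exe User=CORP\alice DestinationIp=203.0.113.77 DestinationPort=445
UtcTime=2025-02-11T09:15:03Z Image=C:\Program Files\App\sync.exe User=CORP\bob DestinationIp=198.51.100.9 DestinationPort=443
UtcTime=2025-02-11T09:16:21Z Image=System User=NT AUTHORITY\SYSTEM DestinationIp=198.51.100.23 DestinationPort=139
"""

# Assumed internal ranges; replace with the organisation's own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # values may contain spaces


def parse_event(line):
    """Split one flattened record into a field dictionary."""
    return dict(FIELD_RE.findall(line.strip()))


def is_internal(ip_text):
    """True when the address falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def external_smb_connections(log_text):
    """Return (time, user, image, dest_ip, dest_port) for SMB leaving the network."""
    hits = []
    for line in log_text.splitlines():
        event = parse_event(line)
        try:
            port = int(event["DestinationPort"])
            internal = is_internal(event["DestinationIp"])
        except (KeyError, ValueError):
            continue  # blank or malformed record
        if port in SMB_PORTS and not internal:
            hits.append((event.get("UtcTime"), event.get("User"),
                         event.get("Image"), event["DestinationIp"], port))
    return hits


if __name__ == "__main__":
    for hit in external_smb_connections(SAMPLE_EVENTS):
        print(hit)
```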
Recent updates from other companies
Other vendors who released updates or advisories in February 2025 include:
- Adobe released security updates for numerous products, including Adobe Photoshop, Substance3D, Illustrator, and Animate.
- AMD released mitigations and firmware updates to address a vulnerability that can be exploited to load malicious CPU microcode.
- Apple released a security update for a zero-day exploited in ‘extremely sophisticated’ attacks.
- Cisco released security updates for multiple products, including Cisco IOS, ISE, NX-OS, and Identity Services.
- Google fixed an actively exploited zero-day flaw in Android Kernel’s USB Video Class driver.
- Ivanti released security updates for Connect Secure, Neurons for MDM, and Cloud Service Application.
- Fortinet released security updates for numerous products, including FortiManager, FortiOS, FortiAnalyzer, and FortiSwitchManager.
- Netgear fixed two critical vulnerabilities affecting multiple WiFi router models.
- SAP releases security updates for multiple products.
The February 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the February 2025 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it impacts, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Active Directory Domain Services | CVE-2025-21351 | Windows Active Directory Domain Services API Denial of Service Vulnerability | Important |
Azure Network Watcher | CVE-2025-21188 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important |
Microsoft AutoUpdate (MAU) | CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
Microsoft Digest Authentication | CVE-2025-21368 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Important |
Microsoft Digest Authentication | CVE-2025-21369 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Important |
Microsoft Dynamics 365 Sales | CVE-2025-21177 | Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability | Critical |
Microsoft Edge (Chromium-based) | CVE-2025-21267 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2025-21279 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-21342 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-0445 | Chromium: CVE-2025-0445 Use after free in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-0451 | Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-0444 | Chromium: CVE-2025-0444 Use after free in Skia | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-21283 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-21404 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2025-21408 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
Microsoft Edge for iOS and Android | CVE-2025-21253 | Microsoft Edge for IOS and Android Spoofing Vulnerability | Moderate |
Microsoft High Performance Compute Pack (HPC) Linux Node Agent | CVE-2025-21198 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-21392 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-21397 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21381 | Microsoft Excel Remote Code Execution Vulnerability | Critical |
Microsoft Office Excel | CVE-2025-21394 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21383 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21390 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21386 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21387 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2025-21400 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft PC Manager | CVE-2025-21322 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2025-21375 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Surface | CVE-2025-21194 | Microsoft Surface Security Feature Bypass Vulnerability | Important |
Microsoft Windows | CVE-2025-21337 | Windows NTFS Elevation of Privilege Vulnerability | Important |
Open Source Software | CVE-2023-32002 | HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability | Important |
Outlook for Android | CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability | Important |
Visual Studio | CVE-2025-21206 | Visual Studio Installer Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2025-24039 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2025-24042 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows CoreMessaging | CVE-2025-21358 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
Windows CoreMessaging | CVE-2025-21184 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
Windows DHCP Client | CVE-2025-21179 | DHCP Client Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2025-21379 | DHCP Client Service Remote Code Execution Vulnerability | Critical |
Windows Disk Cleanup Tool | CVE-2025-21420 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | Important |
Windows DWM Core Library | CVE-2025-21414 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
Windows Installer | CVE-2025-21373 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2025-21216 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2025-21212 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2025-21352 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2025-21254 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Kerberos | CVE-2025-21350 | Windows Kerberos Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2025-21359 | Windows Kernel Security Feature Bypass Vulnerability | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-21376 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2025-21181 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
Windows NTLM | CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
Windows Remote Desktop Services | CVE-2025-21349 | Windows Remote Desktop Configuration Service Tampering Vulnerability | Important |
Windows Resilient File System (ReFS) Deduplication Service | CVE-2025-21183 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | Important |
Windows Resilient File System (ReFS) Deduplication Service | CVE-2025-21182 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-21410 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-21208 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Setup Files Cleanup | CVE-2025-21419 | Windows Setup Files Cleanup Elevation of Privilege Vulnerability | Important |
Windows Storage | CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows Telephony Server | CVE-2025-21201 | Windows Telephony Server Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21407 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21406 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21200 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21371 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21190 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Update Stack | CVE-2025-21347 | Windows Deployment Services Denial of Service Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2025-21367 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |