February 14, 2025
By Cybervergent Team

Microsoft’s February 2025 Patch Tuesday Addresses 55 Vulnerabilities, Including Two Actively Exploited Zero-Days

Microsoft has released its February 2025 Patch Tuesday updates, addressing a total of 55 security flaws across various components. Among these, four are zero-day vulnerabilities, with two actively exploited in the wild. Additionally, three critical remote code execution (RCE) vulnerabilities have been patched, underscoring the importance of immediate deployment.


Summary of Vulnerabilities
The breakdown of patched vulnerabilities includes:
• 19 Elevation of Privilege Vulnerabilities
• 2 Security Feature Bypass Vulnerabilities
• 22 Remote Code Execution Vulnerabilities
• 1 Information Disclosure Vulnerability
• 9 Denial of Service Vulnerabilities
• 3 Spoofing Vulnerabilities

These figures exclude a critical Microsoft Dynamics 365 Sales elevation of privilege vulnerability and ten Microsoft Edge vulnerabilities fixed earlier on February 6.


Actively Exploited Zero-Day Vulnerabilities

Two of the patched zero-day vulnerabilities were actively exploited prior to this update:


• CVE-2025-21391 – Windows Storage Elevation of Privilege Vulnerability
Microsoft has addressed a flaw that allows attackers to delete targeted files on a system. While this does not enable direct data disclosure, it can result in service disruption by deleting crucial system files. No details on the attack methodology or the responsible threat actors have been disclosed.


• CVE-2025-21418 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

This vulnerability permits threat actors to escalate privileges to SYSTEM level on Windows machines. Microsoft has not provided details on how it has been exploited in real-world attacks or who initially reported it.

Publicly Disclosed Zero-Day Vulnerabilities

• CVE-2025-21194 – Microsoft Surface Security Feature Bypass Vulnerability
A hypervisor vulnerability affecting Microsoft Surface and hypervisor products allows attackers to bypass UEFI protections and compromise the secure kernel. Microsoft attributes this discovery to Francisco Falcón and Iván Arce of Quarkslab and links it to the PixieFail vulnerabilities disclosed last month, which impact the IPv6 network stack of Tianocore’s EDK II.


• CVE-2025-21377 – NTLM Hash Disclosure Spoofing Vulnerability
A vulnerability exposing NTLM hashes enables remote attackers to authenticate as legitimate users. Minimal user interaction with a malicious file, such as single-clicking, right-clicking, or inspecting it, could trigger the flaw, leading to unauthorized NTLM authentication.


Mitigation and Recommendations

Organizations and individual users should prioritize applying these security patches immediately. The actively exploited vulnerabilities pose a significant risk of privilege escalation and system disruption. Recommended actions include:
• Applying security updates without delay to prevent exploitation.
• Enabling multi-factor authentication (MFA) to mitigate credential-based attacks such as NTLM hash disclosure.
• Reviewing system configurations to limit exposure to elevation of privilege flaws.
• Monitoring security logs for signs of exploitation related to these vulnerabilities.
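The following PowerShell script is an added example, not part of the Cybervergent post or Microsoft’s advisory. It turns three of the recommendations above (patch status, NTLM-related configuration review, and log monitoring for the NTLM hash disclosure described under CVE-2025-21377) into read-only checks. The KB identifiers are placeholders because the post does not list them; the expected registry values are common NTLM hardening settings chosen here, not requirements stated on the page; the Security event fields used (LogonType, AuthenticationPackageName, LmPackageName, IpAddress) are the standard fields of event 4624.

```powershell
# Added example (not from the Cybervergent post or Microsoft): read-only posture
# checks for the February 2025 recommendations. Run in an elevated PowerShell
# session; reading the Security log requires administrative rights.

# Placeholder: the post does not list the February 2025 KB numbers.
# Replace with the KB ids from the Microsoft advisory for your Windows build.
$RequiredKBs = @('KB-PLACEHOLDER-1', 'KB-PLACEHOLDER-2')

# 1. Patch status: is each required KB present in the installed hotfix list?
function Test-PatchStatus {
    param([string[]]$KBs)
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KBs) {
        [pscustomobject]@{
            KB        = $kb
            Installed = ($installed -contains $kb)
        }
    }
}

# 2. NTLM configuration review. The registry values are real; the "Expected"
#    values are common hardening choices assumed for this example.
function Get-NtlmPosture {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = "$lsa\MSV1_0"
    $checks = @(
        @{ Path = $lsa; Name = 'LmCompatibilityLevel';      Want = 5 }  # send NTLMv2 only, refuse LM/NTLMv1
        @{ Path = $msv; Name = 'RestrictSendingNTLMTraffic'; Want = 2 }  # 0 allow, 1 audit, 2 deny outbound NTLM
        @{ Path = $msv; Name = 'AuditReceivingNTLMTraffic';  Want = 2 }  # audit all inbound NTLM
    )
    foreach ($c in $checks) {
        $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($c.Name) } else { $null }   # $null = value not configured
        [pscustomobject]@{
            Setting  = $c.Name
            Current  = $value
            Expected = $c.Want
            OK       = ($value -eq $c.Want)
        }
    }
}

# 3. Log monitoring: network (type 3) logons that authenticated with NTLM in
#    the last N hours, summarised per source IP. A burst of NTLM logons from
#    unfamiliar hosts is the kind of signal to investigate after a hash
#    disclosure bug such as CVE-2025-21377 has been published.
function Get-NtlmNetworkLogons {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d.LogonType -eq '3' -and $d.AuthenticationPackageName -eq 'NTLM') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = "$($d.TargetDomainName)\$($d.TargetUserName)"
                Workstation = $d.WorkstationName
                SourceIp    = $d.IpAddress
                NtlmVersion = $d.LmPackageName   # e.g. "NTLM V1" or "NTLM V2"
            }
        }
    } | Group-Object SourceIp | Sort-Object Count -Descending |
        Select-Object Name, Count, @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } }
}

Test-PatchStatus -KBs $RequiredKBs | Format-Table -AutoSize
Get-NtlmPosture                    | Format-Table -AutoSize
Get-NtlmNetworkLogons -Hours 24    | Format-Table -AutoSize
```

All three functions only read state, so the script can be scheduled on endpoints and the output compared over time; a source IP that newly appears in the NTLM logon summary, or an NTLM V1 entry on a network expected to be NTLMv2-only, is worth correlating with the user's recent file activity.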


For further details, refer to Microsoft’s official Patch Tuesday advisory and related documentation.