February 2025 Patch Tuesday: Microsoft Fixes 4 Zero-Days, Including 2 Under Active Exploitation

Microsoft’s February 2025 Patch Tuesday addresses a total of 55 vulnerabilities, including four zero-day flaws, with two actively exploited in attacks. This month’s update also fixes three critical vulnerabilities, all classified as remote code execution (RCE) flaws.


Breakdown of Vulnerabilities

The vulnerabilities addressed this month include:

  • 19 Elevation of Privilege (EoP) vulnerabilities
  • 2 Security Feature Bypass vulnerabilities
  • 22 Remote Code Execution (RCE) vulnerabilities
  • 1 Information Disclosure vulnerability
  • 9 Denial of Service (DoS) vulnerabilities
  • 3 Spoofing vulnerabilities

These totals exclude one critical Microsoft Dynamics 365 Sales elevation of privilege flaw and ten Microsoft Edge vulnerabilities that were patched on February 6. For non-security updates, see the Windows 11 KB5051987 & KB5051989 cumulative updates and the Windows 10 KB5051974 update.


Zero-Day Vulnerabilities

This month’s Patch Tuesday resolves four zero-day vulnerabilities, with two actively exploited and two publicly disclosed:

Actively Exploited Zero-Days

CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability

Affects: Windows Storage
This vulnerability allows attackers to delete targeted files on a system. While it does not expose confidential data, it could be used to disrupt services by deleting critical files. Microsoft has not disclosed details about how this vulnerability was exploited in the wild.

CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Affects: Windows Ancillary Function Driver for WinSock
This vulnerability enables attackers to escalate privileges to SYSTEM level. Microsoft has not shared details on how it has been exploited but confirms that it was disclosed anonymously.

Publicly Disclosed Zero-Days

CVE-2025-21194 | Microsoft Surface Security Feature Bypass Vulnerability

Affects: Microsoft Surface and Hypervisor Products
This hypervisor vulnerability allows attackers to bypass UEFI protections, compromising the secure kernel. Discovered by Francisco Falcón and Iván Arce of Quarkslab, this flaw is likely linked to the PixieFail vulnerabilities affecting the IPv6 network protocol stack in Tianocore’s EDK II, which is used in Microsoft Surface and hypervisor products.

CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability

Affects: Windows NTLM Authentication
This vulnerability exposes NTLM hashes when a user interacts with a malicious file. Simply selecting or right-clicking a file could trigger a remote connection, allowing an attacker to capture NTLM hashes for cracking or pass-the-hash attacks. It was discovered by Owen Cheung, Ivan Sheung, and Vincent Yau (Cathay Pacific), Yorick Koster (Securify B.V.), and Blaz Satler (0patch by ACROS Security).
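Patching is the fix for CVE-2025-21377, but a host that is forced to authenticate to an attacker-controlled server can only leak a hash if the outbound NTLM exchange is allowed to leave the network. The following PowerShell is an added example, not code from the Netizen post or from Microsoft, that audits two compensating controls a defender would check on Windows 10/11: the "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy (stored under the MSV1_0 LSA key) and the presence of an enabled outbound firewall rule blocking TCP 445. Both controls are general NTLM-relay/forced-authentication mitigations and are assumptions here, not something the article itself recommends; the script needs an elevated session and the built-in NetSecurity module.

```powershell
# Added example (not from the Netizen article): audits host-side controls that limit
# NTLM hash exposure from forced-authentication bugs such as CVE-2025-21377.
# Assumptions: run elevated on Windows 10/11; NetSecurity module (Get-NetFirewallRule) available.

function Get-NtlmOutboundPolicy {
    # "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" is stored as
    # RestrictSendingNTLMTraffic: 0 = allow all, 1 = audit all, 2 = deny all (exceptions via
    # ClientAllowedNTLMServers). Anything other than 2 leaves the leak path open.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $value = (Get-ItemProperty -Path $key -Name RestrictSendingNTLMTraffic -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    switch ($value) {
        2       { [pscustomobject]@{ Control = 'OutgoingNTLM'; Setting = 'Deny all';  Compliant = $true  } }
        1       { [pscustomobject]@{ Control = 'OutgoingNTLM'; Setting = 'Audit all'; Compliant = $false } }
        default { [pscustomobject]@{ Control = 'OutgoingNTLM'; Setting = 'Allow all (not configured)'; Compliant = $false } }
    }
}

function Get-SmbEgressBlockRule {
    # Looks for an enabled outbound block rule on TCP 445. Blocking SMB egress at the host
    # (or perimeter) stops the coerced connection from ever reaching an Internet listener.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and (@($filter.RemotePort) -contains '445')) {
            return [pscustomobject]@{ Control = 'SmbEgressBlock'; Setting = $rule.DisplayName; Compliant = $true }
        }
    }
    [pscustomobject]@{ Control = 'SmbEgressBlock'; Setting = 'No enabled outbound block rule for TCP 445'; Compliant = $false }
}

# Report both controls side by side; a non-compliant row is a finding to track until the
# February update is confirmed installed.
$results = @(Get-NtlmOutboundPolicy) + @(Get-SmbEgressBlockRule)
$results | Format-Table -AutoSize
```

Setting outgoing NTLM to "Deny all" can break legitimate authentication to legacy file servers, so most environments stage it through "Audit all" (event log entries under Applications and Services Logs > Microsoft > Windows > NTLM) and populate the allowed-server exception list before enforcing. The firewall check only covers the local host; an edge rule blocking TCP 445 outbound covers unmanaged devices as well.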


Vendor Updates

  • Adobe: Released security updates for Photoshop, Substance3D, Illustrator, and Animate.
  • AMD: Issued firmware updates to mitigate a vulnerability allowing malicious CPU microcode injection.
  • Apple: Fixed a zero-day vulnerability exploited in sophisticated attacks.
  • Cisco: Patched security flaws in Cisco IOS, ISE, NX-OS, and Identity Services.
  • Google: Fixed an actively exploited zero-day in Android Kernel’s USB Video Class driver.


Recommendations for Users and Administrators

Organizations should apply the February 2025 Patch Tuesday updates as soon as possible, with priority given to the actively exploited zero-days and critical RCE vulnerabilities. Keeping systems updated is crucial to reducing exposure to potential attacks. For detailed guidance, refer to Microsoft’s official security bulletins or consult IT security teams.
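Confirming that the update actually landed is the step most often skipped after "apply as soon as possible". The script below is an added example, not from the Netizen post or from Microsoft, that checks a Windows 10/11 host for the February 2025 cumulative updates named earlier in the article (KB5051987, KB5051989, KB5051974). It reads installed hotfixes with Get-HotFix and, as a second source, the Windows Update history through the Microsoft.Update.Session COM object, because the quick-fix-engineering view does not always list every cumulative update. Which KB applies depends on the Windows release, so any one match is treated as patched; the KB list is the article's, and the OS/environment assumptions are mine.

```powershell
# Added example (not from the Netizen article): verifies that one of the February 2025
# cumulative updates named in the article is installed on this host.
# Assumptions: Windows PowerShell 5.1 or PowerShell 7 on Windows 10/11, Windows Update service present.

$FebruaryKBs = @('KB5051987', 'KB5051989', 'KB5051974')   # from the article; extend for Server SKUs

function Get-InstalledKBs {
    # Source 1: Win32_QuickFixEngineering via Get-HotFix.
    $ids = New-Object 'System.Collections.Generic.HashSet[string]'
    Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { [void]$ids.Add($_.HotFixID) }

    # Source 2: Windows Update history; titles look like "2025-02 Cumulative Update ... (KB5051989)".
    try {
        $session  = New-Object -ComObject Microsoft.Update.Session
        $searcher = $session.CreateUpdateSearcher()
        $count    = $searcher.GetTotalHistoryCount()
        if ($count -gt 0) {
            foreach ($entry in $searcher.QueryHistory(0, $count)) {
                # ResultCode 2 = succeeded; ignore failed or aborted installs
                if ($entry.ResultCode -eq 2 -and $entry.Title -match '(KB\d{7})') {
                    [void]$ids.Add($Matches[1])
                }
            }
        }
    } catch {
        Write-Verbose "Windows Update history unavailable: $_"
    }
    return $ids
}

function Test-FebruaryPatchTuesday {
    param([string[]]$RequiredKBs = $FebruaryKBs)
    $installed = Get-InstalledKBs
    $found     = @($RequiredKBs | Where-Object { $installed.Contains($_) })
    $os        = Get-CimInstance Win32_OperatingSystem
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OSVersion    = "$($os.Caption) build $($os.BuildNumber)"
        MatchedKB    = ($found -join ', ')
        Patched      = ($found.Count -gt 0)
    }
}

Test-FebruaryPatchTuesday | Format-List
```

Because Windows cumulative updates supersede each other, a host that has already taken a later month's LCU will report "not patched" here even though it carries the February fixes; in a fleet-wide check, add the newer KB numbers to `$FebruaryKBs` or compare the OS build number against the minimum build for each release instead.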


How Can Netizen Help?

Netizen ensures that security gets built in rather than bolted on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service” offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © Netizen Corporation. All Rights Reserved.