Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

In the present day is Microsoft’s February 2025 Patch Tuesday, which incorporates safety updates for 55 flaws, together with 4 zero-day vulnerabilities, with two actively exploited in assaults.

This Patch Tuesday additionally fixes three “Crucial” vulnerabilities, all distant code execution vulnerabilities.

The variety of bugs in every vulnerability class is listed under:

• 19 Elevation of Privilege Vulnerabilities
• 2 Safety Characteristic Bypass Vulnerabilities
• 22 Distant Code Execution Vulnerabilities
• 1 Info Disclosure Vulnerabilities
• 9 Denial of Service Vulnerabilities
• 3 Spoofing Vulnerabilities

The above numbers don’t embrace a crucial Microsoft Dynamics 365 Gross sales elevation of privileges flaw and 10 Microsoft Edge vulnerabilities fastened on February 6.

To study extra in regards to the non-security updates launched at this time, you’ll be able to assessment our devoted articles on the Home windows 11 KB5051987 & KB5051989 cumulative updates and the Home windows 10 KB5051974 replace.

Two actively exploited zero-day disclosed

This month’s Patch Tuesday fixes two actively exploited and two publicly uncovered zero-day vulnerabilities.

Microsoft classifies a zero-day flaw as one that’s publicly disclosed or actively exploited whereas no official repair is obtainable.

The actively exploited zero-day vulnerability in at this time’s updates are:

CVE-2025-21391 – Home windows Storage Elevation of Privilege Vulnerability

Microsoft has fastened an actively exploited elevation of privileges vulnerability that can be utilized to delete information.

“An attacker would solely have the ability to delete focused information on a system,” reads Microsoft’s advisory.

“This vulnerability doesn’t enable disclosure of any confidential data, however may enable an attacker to delete information that might embrace information that ends in the service being unavailable,” continued Microsoft.

No data has been launched about how this flaw was exploited in assaults and who disclosed it.

CVE-2025-21418 – Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

The second actively exploited vulnerability permits risk actors to realize SYSTEM privileges in Home windows.

It’s unknown the way it was utilized in assaults, and Microsoft says this flaw was disclosed anonymously.

The publicly disclosed zero-days are:

CVE-2025-21194 – Microsoft Floor Safety Characteristic Bypass Vulnerability

Microsoft says that this flaw is a hypervisor vulnerability that enables assaults to bypass UEFI and compromise the safe kernel.

“This Hypervisor vulnerability pertains to Digital Machines inside a Unified Extensible Firmware Interface (UEFI) host machine,” explains Microsoft’s advisory.

“On some particular {hardware} it may be attainable to bypass the UEFI, which may result in the compromise of the hypervisor and the safe kernel.”

Microsoft says that Francisco Falcón and Iván Arce of Quarkslab found the vulnerability.

Whereas Microsoft didn’t share many particulars in regards to the flaw, it’s seemingly linked to the PixieFail flaws disclosed by the researchers final month. 

PixieFail is a set of 9 vulnerabilities that affect the IPv6 community protocol stack of Tianocore’s EDK II, which is utilized by Microsoft Floor and the corporate’s hypervisor merchandise.

CVE-2025-21377 – NTLM Hash Disclosure Spoofing Vulnerability

Microsoft fastened a publicly disclosed bug that exposes a Window person’s NTLM hashes, permitting a distant attacker to doubtlessly log in because the person.

“Minimal interplay with a malicious file by a person similar to choosing (single-click), inspecting (right-click), or performing an motion aside from opening or executing the file may set off this vulnerability.” explains Microsoft’s advisory.

Whereas Microsoft has not shared many particulars in regards to the flaw, it seemingly acts like different NTLM hash disclosure flaws, the place merely interacting with a file moderately than opening it may trigger Home windows to remotely hook up with a distant share. When doing so, an NTLM negotiation passes the person’s NTLM hash to the distant server, which the attacker can accumulate.

These NTLM hashes can then be cracked to get the plain-text password or utilized in pass-the-hash assaults.

Microsoft says this flaw was found by Owen Cheung, Ivan Sheung, and Vincent Yau with Cathay Pacific, Yorick Koster of Securify B.V., and Blaz Satler with 0patch by ACROS Safety.

Latest updates from different corporations

Different distributors who launched updates or advisories in February 2025 embrace:

• Adobe launched safety updates for quite a few merchandise, together with Adobe Photoshop, Substance3D, Illustrator, and Animate.
• ​AMD launched mitigations and firmware updates to handle a vulnerability that may be exploited to load malicious CPU microcode.
• Apple launched a safety replace for a zero-day exploited in ‘extraordinarily subtle’ assaults.
• Cisco launched safety updates for a number of merchandise, together with Cisco IOS, ISE, NX-OS, and Identification Providers.
• Google fastened an actively exploited zero-day flaw in Android Kernel’s USB Video Class driver.
• Ivanti launched safety updates for Join Safe, Neurons for MDM, and Cloud Service Utility.
• Fortinet launched safety updates for quite a few merchandise, together with FortiManager, FortiOS, FortiAnalyzer, and FortiSwitchManager.
• Netgear fastened two crucial vulnerabilities affecting a number of WiFi router fashions.
• SAP releases safety updates for a number of merchandise.

The February 2025 Patch Tuesday Safety Updates

Under is the whole record of resolved vulnerabilities within the February 2025 Patch Tuesday updates.

To entry the complete description of every vulnerability and the techniques it impacts, you’ll be able to view the full report right here.