Nowadays is Microsoft’s February 2025 Patch Tuesday, which incorporates safety updates for 55 flaws, together with 4 zero-day vulnerabilities, with two actively exploited in assaults.
This Patch Tuesday additionally fixes 3 “Crucial” vulnerabilities, all far flung code execution vulnerabilities.
The collection of insects in each and every vulnerability class is indexed under:
19 Elevation of Privilege Vulnerabilities
2 Safety Function Bypass Vulnerabilities
22 Far flung Code Execution Vulnerabilities
1 Knowledge Disclosure Vulnerabilities
9 Denial of Carrier Vulnerabilities
3 Spoofing Vulnerabilities
The above numbers don’t come with a crucial Microsoft Dynamics 365 Gross sales elevation of privileges flaw and 10 Microsoft Edge vulnerabilities mounted on February 6.
To be informed extra concerning the non-security updates launched nowadays, you’ll evaluate our devoted articles at the Home windows 11 KB5051987 & KB5051989 cumulative updates and the Home windows 10 KB5051974 replace.
Two actively exploited zero-day disclosed
This month’s Patch Tuesday fixes two actively exploited and two publicly uncovered zero-day vulnerabilities.
Microsoft classifies a zero-day flaw as one this is publicly disclosed or actively exploited whilst no authentic repair is to be had.
The actively exploited zero-day vulnerability in nowadays’s updates are:
CVE-2025-21391 – Home windows Garage Elevation of Privilege Vulnerability
Microsoft has mounted an actively exploited elevation of privileges vulnerability that can be utilized to delete information.
“An attacker would handiest be capable of delete centered information on a machine,” reads Microsoft’s advisory.
“This vulnerability does now not permit disclosure of any confidential knowledge, however may permit an attacker to delete knowledge that would come with knowledge that leads to the provider being unavailable,” persevered Microsoft.
No knowledge has been launched about how this flaw was once exploited in assaults and who disclosed it.
CVE-2025-21418 – Home windows Ancillary Serve as Motive force for WinSock Elevation of Privilege Vulnerability
The second one actively exploited vulnerability lets in risk actors to achieve SYSTEM privileges in Home windows.
It’s unknown the way it was once utilized in assaults, and Microsoft says this flaw was once disclosed anonymously.
The publicly disclosed zero-days are:
CVE-2025-21194 – Microsoft Floor Safety Function Bypass Vulnerability
Microsoft says that this flaw is a hypervisor vulnerability that permits assaults to avoid UEFI and compromise the protected kernel.
“This Hypervisor vulnerability pertains to Digital Machines inside of a Unified Extensible Firmware Interface (UEFI) host device,” explains Microsoft’s advisory.
“On some particular {hardware} it may well be conceivable to avoid the UEFI, which might result in the compromise of the hypervisor and the protected kernel.”
Microsoft says that Francisco Falcón and Iván Arce of Quarkslab came upon the vulnerability.
Whilst Microsoft didn’t proportion many information about the flaw, it’s most probably attached to the PixieFail flaws disclosed by means of the researchers final month.
PixieFail is a suite of 9 vulnerabilities that affect the IPv6 community protocol stack of Tianocore’s EDK II, which is utilized by Microsoft Floor and the corporate’s hypervisor merchandise.
CVE-2025-21377 – NTLM Hash Disclosure Spoofing Vulnerability
Microsoft mounted a publicly disclosed worm that exposes a Window person’s NTLM hashes, permitting a far flung attacker to probably log in because the person.
“Minimum interplay with a malicious document by means of a person comparable to settling on (single-click), examining (right-click), or appearing an motion rather then opening or executing the document may cause this vulnerability.” explains Microsoft’s advisory.
Whilst Microsoft has now not shared many information about the flaw, it most probably acts like different NTLM hash disclosure flaws, the place merely interacting with a document reasonably than opening it might reason Home windows to remotely connect with a far flung proportion. When doing so, an NTLM negotiation passes the person’s NTLM hash to the far flung server, which the attacker can acquire.
Those NTLM hashes can then be cracked to get the plain-text password or utilized in pass-the-hash assaults.
Microsoft says this flaw was once came upon by means of Owen Cheung, Ivan Sheung, and Vincent Yau with Cathay Pacific, Yorick Koster of Securify B.V., and Blaz Satler with 0patch by means of ACROS Safety.
Contemporary updates from different firms
Different distributors who launched updates or advisories in February 2025 come with:
Adobe launched safety updates for a large number of merchandise, together with Adobe Photoshop, Substance3D, Illustrator, and Animate.
AMD launched mitigations and firmware updates to handle a vulnerability that may be exploited to load malicious CPU microcode.
Apple launched a safety replace for a zero-day exploited in ‘extraordinarily refined’ assaults.
Cisco launched safety updates for more than one merchandise, together with Cisco IOS, ISE, NX-OS, and Identification Products and services.
Google mounted an actively exploited zero-day flaw in Android Kernel’s USB Video Magnificence driving force.
Ivanti launched safety updates for Attach Safe, Neurons for MDM, and Cloud Carrier Software.
Fortinet launched safety updates for a large number of merchandise, together with FortiManager, FortiOS, FortiAnalyzer, and FortiSwitchManager.
Netgear mounted two crucial vulnerabilities affecting more than one WiFi router fashions.
SAP releases safety updates for more than one merchandise.
The February 2025 Patch Tuesday Safety Updates
Underneath is the whole checklist of resolved vulnerabilities within the February 2025 Patch Tuesday updates.
To get admission to the overall description of each and every vulnerability and the programs it impacts, you’ll view the complete record right here.
Tag
CVE ID
CVE Name
Severity
Lively Listing Area Products and services
CVE-2025-21351
Home windows Lively Listing Area Products and services API Denial of Carrier Vulnerability
Vital
Azure Community Watcher
CVE-2025-21188
Azure Community Watcher VM Extension Elevation of Privilege Vulnerability
Vital
Microsoft AutoUpdate (MAU)
CVE-2025-24036
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Vital
Microsoft Digest Authentication
CVE-2025-21368
Microsoft Digest Authentication Far flung Code Execution Vulnerability
Vital
Microsoft Digest Authentication
CVE-2025-21369
Microsoft Digest Authentication Far flung Code Execution Vulnerability
Vital
Microsoft Dynamics 365 Gross sales
CVE-2025-21177
Microsoft Dynamics 365 Gross sales Elevation of Privilege Vulnerability
Crucial
Microsoft Edge (Chromium-based)
CVE-2025-21267
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Low
Microsoft Edge (Chromium-based)
CVE-2025-21279
Microsoft Edge (Chromium-based) Far flung Code Execution Vulnerability
Vital
Microsoft Edge (Chromium-based)
CVE-2025-21342
Microsoft Edge (Chromium-based) Far flung Code Execution Vulnerability
Vital
Microsoft Edge (Chromium-based)
CVE-2025-0445
Chromium: CVE-2025-0445 Use after loose in V8
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-0451
Chromium: CVE-2025-0451 Beside the point implementation in Extensions API
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-0444
Chromium: CVE-2025-0444 Use after loose in Skia
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-21283
Microsoft Edge (Chromium-based) Far flung Code Execution Vulnerability
Vital
Microsoft Edge (Chromium-based)
CVE-2025-21404
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Low
Microsoft Edge (Chromium-based)
CVE-2025-21408
Microsoft Edge (Chromium-based) Far flung Code Execution Vulnerability
Vital
Microsoft Edge for iOS and Android
CVE-2025-21253
Microsoft Edge for IOS and Android Spoofing Vulnerability
Reasonable
Microsoft Top Efficiency Compute Pack (HPC) Linux Node Agent
CVE-2025-21198
Microsoft Top Efficiency Compute (HPC) Pack Far flung Code Execution Vulnerability
Vital
Microsoft Place of work
CVE-2025-21392
Microsoft Place of work Far flung Code Execution Vulnerability
Vital
Microsoft Place of work
CVE-2025-21397
Microsoft Place of work Far flung Code Execution Vulnerability
Vital
Microsoft Place of work Excel
CVE-2025-21381
Microsoft Excel Far flung Code Execution Vulnerability
Crucial
Microsoft Place of work Excel
CVE-2025-21394
Microsoft Excel Far flung Code Execution Vulnerability
Vital
Microsoft Place of work Excel
CVE-2025-21383
Microsoft Excel Knowledge Disclosure Vulnerability
Vital
Microsoft Place of work Excel
CVE-2025-21390
Microsoft Excel Far flung Code Execution Vulnerability
Vital
Microsoft Place of work Excel
CVE-2025-21386
Microsoft Excel Far flung Code Execution Vulnerability
Vital
Microsoft Place of work Excel
CVE-2025-21387
Microsoft Excel Far flung Code Execution Vulnerability
Vital
Microsoft Place of work SharePoint
CVE-2025-21400
Microsoft SharePoint Server Far flung Code Execution Vulnerability
Vital
Microsoft PC Supervisor
CVE-2025-21322
Microsoft PC Supervisor Elevation of Privilege Vulnerability
Vital
Microsoft Streaming Carrier
CVE-2025-21375
Kernel Streaming WOW Thunk Carrier Motive force Elevation of Privilege Vulnerability
Vital
Microsoft Floor
CVE-2025-21194
Microsoft Floor Safety Function Bypass Vulnerability
Vital
Microsoft Home windows
CVE-2025-21337
Home windows NTFS Elevation of Privilege Vulnerability
Vital
Open Supply Device
CVE-2023-32002
HackerOne: CVE-2023-32002 Node.js `Module._load()` coverage Far flung Code Execution Vulnerability
Vital
Outlook for Android
CVE-2025-21259
Microsoft Outlook Spoofing Vulnerability
Vital
Visible Studio
CVE-2025-21206
Visible Studio Installer Elevation of Privilege Vulnerability
Vital
Visible Studio Code
CVE-2025-24039
Visible Studio Code Elevation of Privilege Vulnerability
Vital
Visible Studio Code
CVE-2025-24042
Visible Studio Code JS Debug Extension Elevation of Privilege Vulnerability
Vital
Home windows Ancillary Serve as Motive force for WinSock
CVE-2025-21418
Home windows Ancillary Serve as Motive force for WinSock Elevation of Privilege Vulnerability
Vital
Home windows CoreMessaging
CVE-2025-21358
Home windows Core Messaging Elevation of Privileges Vulnerability
Vital
Home windows CoreMessaging
CVE-2025-21184
Home windows Core Messaging Elevation of Privileges Vulnerability
Vital
Home windows DHCP Consumer
CVE-2025-21179
DHCP Consumer Carrier Denial of Carrier Vulnerability
Vital
Home windows DHCP Server
CVE-2025-21379
DHCP Consumer Carrier Far flung Code Execution Vulnerability
Crucial
Home windows Disk Cleanup Device
CVE-2025-21420
Home windows Disk Cleanup Device Elevation of Privilege Vulnerability
Vital
Home windows DWM Core Library
CVE-2025-21414
Home windows Core Messaging Elevation of Privileges Vulnerability
Vital
Home windows Installer
CVE-2025-21373
Home windows Installer Elevation of Privilege Vulnerability
Vital
Home windows Web Connection Sharing (ICS)
CVE-2025-21216
Web Connection Sharing (ICS) Denial of Carrier Vulnerability
Vital
Home windows Web Connection Sharing (ICS)
CVE-2025-21212
Web Connection Sharing (ICS) Denial of Carrier Vulnerability
Vital
Home windows Web Connection Sharing (ICS)
CVE-2025-21352
Web Connection Sharing (ICS) Denial of Carrier Vulnerability
Vital
Home windows Web Connection Sharing (ICS)
CVE-2025-21254
Web Connection Sharing (ICS) Denial of Carrier Vulnerability
Vital
Home windows Kerberos
CVE-2025-21350
Home windows Kerberos Denial of Carrier Vulnerability
Vital
Home windows Kernel
CVE-2025-21359
Home windows Kernel Safety Function Bypass Vulnerability
Vital
Home windows LDAP – Light-weight Listing Get entry to Protocol
CVE-2025-21376
Home windows Light-weight Listing Get entry to Protocol (LDAP) Far flung Code Execution Vulnerability
Crucial
Home windows Message Queuing
CVE-2025-21181
Microsoft Message Queuing (MSMQ) Denial of Carrier Vulnerability
Vital
Home windows NTLM
CVE-2025-21377
NTLM Hash Disclosure Spoofing Vulnerability
Vital
Home windows Far flung Desktop Products and services
CVE-2025-21349
Home windows Far flung Desktop Configuration Carrier Tampering Vulnerability
Vital
Home windows Resilient Document Machine (ReFS) Deduplication Carrier
CVE-2025-21183
Home windows Resilient Document Machine (ReFS) Deduplication Carrier Elevation of Privilege Vulnerability
Vital
Home windows Resilient Document Machine (ReFS) Deduplication Carrier
CVE-2025-21182
Home windows Resilient Document Machine (ReFS) Deduplication Carrier Elevation of Privilege Vulnerability
Vital
Home windows Routing and Far flung Get entry to Carrier (RRAS)
CVE-2025-21410
Home windows Routing and Far flung Get entry to Carrier (RRAS) Far flung Code Execution Vulnerability
Vital
Home windows Routing and Far flung Get entry to Carrier (RRAS)
CVE-2025-21208
Home windows Routing and Far flung Get entry to Carrier (RRAS) Far flung Code Execution Vulnerability
Vital
Home windows Setup Recordsdata Cleanup
CVE-2025-21419
Home windows Setup Recordsdata Cleanup Elevation of Privilege Vulnerability
Vital
Home windows Garage
CVE-2025-21391
Home windows Garage Elevation of Privilege Vulnerability
Vital
Home windows Telephony Server
CVE-2025-21201
Home windows Telephony Server Far flung Code Execution Vulnerability
Vital
Home windows Telephony Carrier
CVE-2025-21407
Home windows Telephony Carrier Far flung Code Execution Vulnerability
Vital
Home windows Telephony Carrier
CVE-2025-21406
Home windows Telephony Carrier Far flung Code Execution Vulnerability
Vital
Home windows Telephony Carrier
CVE-2025-21200
Home windows Telephony Carrier Far flung Code Execution Vulnerability
Vital
Home windows Telephony Carrier
CVE-2025-21371
Home windows Telephony Carrier Far flung Code Execution Vulnerability
Vital
Home windows Telephony Carrier
CVE-2025-21190
Home windows Telephony Carrier Far flung Code Execution Vulnerability
Vital
Home windows Replace Stack
CVE-2025-21347
Home windows Deployment Products and services Denial of Carrier Vulnerability
Vital
Home windows Win32 Kernel Subsystem
CVE-2025-21367
Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Vital
