February 2025 Patch Tuesday: A Crucial Microsoft Update
This February, Microsoft has delivered an essential Patch Tuesday update, tackling a total of 55 security vulnerabilities, including four critical zero-day flaws. These zero-days, with two already being exploited in the wild, highlight Microsoft’s ongoing commitment to strengthening cybersecurity measures.
Addressing Critical Vulnerabilities
In this month’s update, Microsoft has resolved three critical vulnerabilities, all related to remote code execution. Here’s a breakdown of the vulnerabilities addressed:
- 19 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 22 Remote Code Execution Vulnerabilities
- 1 Information Disclosure Vulnerability
- 9 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
Notably, these figures exclude a significant Microsoft Dynamics 365 Sales privilege escalation flaw and 10 Microsoft Edge vulnerabilities fixed earlier this month.
Actively Exploited Zero-Days
CVE-2025-21391: Windows Storage Elevation of Privilege
A zero-day vulnerability allowing attackers to delete specific files on a system has been patched. While it doesn’t expose confidential data, it poses a risk by potentially disrupting services.
CVE-2025-21418: WinSock Elevation of Privilege
This second zero-day enables attackers to gain SYSTEM privileges in Windows. Although details about its exploitation are undisclosed, it was reported anonymously.
Publicly Disclosed Zero-Days
CVE-2025-21194: Surface Security Feature Bypass
Discovered by Quarkslab researchers, this vulnerability allows attackers to bypass UEFI on certain hardware, compromising the hypervisor and secure kernel. It is linked to the PixieFail vulnerabilities affecting the IPv6 network protocol stack used by Microsoft Surface.
CVE-2025-21377: NTLM Hash Disclosure
A publicly disclosed bug that exposes NTLM hashes, potentially allowing remote attackers to impersonate a user. Minimal interaction with a malicious file can trigger this flaw, leading to potential pass-the-hash attacks.
Updates Beyond Microsoft
In addition to Microsoft’s updates, other vendors have released their security advisories for February 2025. For a comprehensive list of resolved vulnerabilities and affected systems, you can view the full report here.
Summary and Call to Action
This month’s Patch Tuesday underscores the critical need for regular updates to mitigate vulnerabilities, especially those actively exploited. Ensure your systems are updated to safeguard against these critical threats. For more detailed information, visit Bleeping Computer. Stay informed and secure your digital environment today!
For related updates, check out the February 3 Update for Black Ops 6 & Warzone: Weapon Adjustments and Zombies Fixes and the Apex Legends Season 24: Major Updates and New Perks Revealed.
Your engagement and proactive measures in cybersecurity can help create a safer digital space. Share your thoughts or any additional insights in the comments below!
