Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild.
Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure, Visual Studio, and Remote Desktop Services. Two of these vulnerabilities are listed as publicly known, and two are actively exploited in the wild.
Three of these vulnerabilities are rated Critical, 53 are rated Important, and one is rated Moderate in severity.
The actively exploited vulnerabilities are a Windows Storage Elevation of Privilege Vulnerability (CVE-2025-21391) and a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2025-21418).
CVE-2025-21391 is a Windows Storage privilege escalation flaw exploited in the wild. It allows attackers to delete files and may be paired with code execution for full system takeover.
“An attacker would only be able to delete targeted files on a system,” reads the advisory. “This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.”
CVE-2025-21418 is a Windows Ancillary Function Driver for WinSock privilege escalation flaw. It could allow an authenticated user to run a crafted program to gain SYSTEM privileges, likely paired with code execution for full system takeover.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” reads the advisory.
The other two zero-day flaws are labeled as publicly disclosed:
- CVE-2025-21194 is a Microsoft Surface hypervisor flaw that allows attackers to bypass UEFI and compromise the secure kernel. It affects virtual machines on certain hardware and is likely linked to the PixieFail vulnerabilities.
- CVE-2025-21377 is an NTLM hash disclosure flaw that lets attackers steal Windows user hashes via minimal file interaction. Hackers can use these hashes in pass-the-hash attacks or crack them to obtain plaintext passwords.
The full list of flaws addressed by the Microsoft Patch Tuesday security updates for February 2025 is available here.
“After a couple of record-breaking releases, this volume of fixes is more in line with expectations. Let’s hope this trend, rather than monster releases, remains the norm for 2025,” states ZDI.