Microsoft has released its February 2025 security updates, addressing 67 vulnerabilities across Windows, Office, Azure, Visual Studio, and Remote Desktop Services. The update includes patches for two actively exploited zero-day vulnerabilities that require immediate mitigation.
Microsoft Zero-Day Vulnerabilities
- CVE-2025-21391 – Windows Storage Elevation of Privilege
Allows attackers to delete specific files, potentially disrupting services and compromising system integrity.
- CVE-2025-21418 – Windows Ancillary Function Driver for WinSock Elevation of Privilege
Enables attackers to obtain SYSTEM privileges, significantly increasing the risk of full system control.
Both vulnerabilities are listed in CISA’s Known Exploited Vulnerabilities Catalog, indicating active exploitation.
Publicly Disclosed Vulnerabilities
- CVE-2025-21377 – NTLM Hash Disclosure Spoofing
Attackers can extract NTLMv2 hashes, facilitating credential theft and impersonation attacks.
- CVE-2025-21194 – Microsoft Surface Security Feature Bypass
Allows attackers on restricted networks to bypass security features on Surface devices.
Other Notable Fixes
- CVE-2025-21376 – Windows LDAP Remote Code Execution
Unauthenticated attackers can execute arbitrary code, posing a risk of network compromise.
- CVE-2025-21381 – Microsoft Excel Remote Code Execution
Crafted spreadsheets can deliver malicious payloads on unpatched systems.
Severity Breakdown
- 3 Critical
- 53 Important
- 1 Moderate
Recommended Actions
Organizations should apply patches immediately to mitigate exploitation risks. Unpatched systems remain vulnerable to privilege escalation, credential theft, and remote code execution. Prioritizing critical updates is necessary to protect infrastructure and sensitive data.