Microsoft releases February 2025 patch, fixes 4 zero-days, 3 critical and a total of 57 flaws
Take action: A smaller update package, and "only" two priorities this month - Microsoft Windows and Microsoft Office. Patching Windows is crucial, since there are four zero-days - two actively exploited. Then patch MS Office, then the rest of the product suite.
Microsoft has released its February 2025 Patch Tuesday security updates, addressing 57 unique vulnerabilities across 13 product families.
This release represents a significant decrease from January's patch volume of 159 CVEs. The patches cover various Microsoft products including Windows, Office, Azure, and other core services.
Four zero-day vulnerabilities are patched:
- CVE-2025-21391 (CVSS score 7.1) actively exploited in the wild - Windows Storage Elevation of Privilege Vulnerability. Allows attackers to delete targeted files on a system without user interaction. Can affect data availability but cannot disclose confidential information
- CVE-2025-21418 (CVSS score 7.8) actively exploited in the wild - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Allows attackers to gain SYSTEM privileges, but requires local access to the target machine. Could be used to disable security tools or enable lateral movement
- CVE-2025-21198 (CVSS score 9.0) - Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability. Requires access to the network connecting targeted clusters and exploitable through malicious HTTPS requests
- CVE-2025-21194 (CVSS score 7.1) - Microsoft Surface Security Feature Bypass Vulnerability. Allows attackers to bypass UEFI security and potentially compromise both the hypervisor and secure kernel. Exploitation requires specific hardware configurations, access to a restricted network, and a system reboot.
- CVE-2025-21377 (CVSS score 6.5) - NTLM Hash Disclosure Spoofing Vulnerability. Affects Windows systems using NTLM authentication. It exposes user NTLM hashes, potentially allowing unauthorized access
Microsoft also warns of these three flaws as critical:
- CVE-2025-21376 (CVSS score 8.1) - Windows LDAP Remote Code Execution Vulnerability. Likely to be exploited in the next 30 days
- CVE-2025-21381 (CVSS score 7.8) - Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21379 (CVSS score 7.1) - DHCP Client Service Remote Code Execution Vulnerability. Could enable attackers to compromise systems via crafted network packets
Microsoft recommends that users and administrators apply these updates as soon as possible through Windows Update, Microsoft Update Catalog, or WSUS for enterprise environments.
Full list of patched vulnerabilities
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Active Directory Domain Services | CVE-2025-21351 | Windows Active Directory Domain Services API Denial of Service Vulnerability | Important |
| Azure Network Watcher | CVE-2025-21188 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important |
| Microsoft AutoUpdate (MAU) | CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Digest Authentication | CVE-2025-21368 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Important |
| Microsoft Digest Authentication | CVE-2025-21369 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics 365 Sales | CVE-2025-21177 | Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2025-21267 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2025-21279 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-21342 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-0445 | Chromium: CVE-2025-0445 Use after free in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-0451 | Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-0444 | Chromium: CVE-2025-0444 Use after free in Skia | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-21283 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-21404 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2025-21408 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge for iOS and Android | CVE-2025-21253 | Microsoft Edge for IOS and Android Spoofing Vulnerability | Moderate |
| Microsoft High Performance Compute Pack (HPC) Linux Node Agent | CVE-2025-21198 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-21392 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-21397 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-21381 | Microsoft Excel Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-21394 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-21383 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-21390 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-21386 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-21387 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-21400 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft PC Manager | CVE-2025-21322 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-21375 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Surface | CVE-2025-21194 | Microsoft Surface Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2025-21337 | Windows NTFS Elevation of Privilege Vulnerability | Important |
| Open Source Software | CVE-2023-32002 | HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability | Important |
| Outlook for Android | CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability | Important |
| Visual Studio | CVE-2025-21206 | Visual Studio Installer Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2025-24039 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2025-24042 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows CoreMessaging | CVE-2025-21358 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
| Windows CoreMessaging | CVE-2025-21184 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
| Windows DHCP Client | CVE-2025-21179 | DHCP Client Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2025-21379 | DHCP Client Service Remote Code Execution Vulnerability | Critical |
| Windows Disk Cleanup Tool | CVE-2025-21420 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-21414 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
| Windows Installer | CVE-2025-21373 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2025-21216 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2025-21212 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2025-21352 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2025-21254 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2025-21350 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2025-21359 | Windows Kernel Security Feature Bypass Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2025-21376 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2025-21181 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows NTLM | CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-21349 | Windows Remote Desktop Configuration Service Tampering Vulnerability | Important |
| Windows Resilient File System (ReFS) Deduplication Service | CVE-2025-21183 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) Deduplication Service | CVE-2025-21182 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-21410 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-21208 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Setup Files Cleanup | CVE-2025-21419 | Windows Setup Files Cleanup Elevation of Privilege Vulnerability | Important |
| Windows Storage | CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows Telephony Server | CVE-2025-21201 | Windows Telephony Server Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21407 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21406 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21200 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21371 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21190 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Update Stack | CVE-2025-21347 | Windows Deployment Services Denial of Service Vulnerability | Important |
| Windows Win32 Kernel Subsystem | CVE-2025-21367 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |