Microsoft Fixes 55 Vulnerabilities in Latest Patch Tuesday Update

Microsoft’s February 2025 Patch Tuesday update fixes 55 security vulnerabilities, including four zero-day flaws, two of which were actively exploited. Key patches address elevation of privilege issues in Windows storage and network components. Users should install the update immediately to protect their systems from potential attacks.

CONTENTS:

• Microsoft Patches 55 Security Vulnerabilities in February 2025 Update, Including Two Zero-Days Exploited in the Wild
• Install This Windows Security Patch Immediately

Microsoft Fixes 55 Vulnerabilities in Latest Patch Tuesday Update

Microsoft Patches 55 Security Vulnerabilities in February 2025 Update, Including Two Zero-Days Exploited in the Wild

Microsoft addressed 55 security vulnerabilities in its February 2025 Patch Tuesday update, including three classified as critical and 52 deemed important. Notably, two of these vulnerabilities were actively exploited in the wild.

The patches cover various Microsoft products and services, including:

• Active Directory Domain Services
• Azure Active Directory
• Azure Firmware
• Azure Network Watcher
• Microsoft AutoUpdate (MAU)
• Microsoft Digest Authentication
• Microsoft High Performance Compute Pack (HPC) Linux Node Agent
• Microsoft Office (Excel, SharePoint)
• Microsoft PC Manager
• Microsoft Streaming Service
• Microsoft Surface
• Microsoft Windows
• Outlook for Android
• Visual Studio and Visual Studio Code
• Windows components such as the Ancillary Function Driver for WinSock, CoreMessaging, DHCP Client and Server, DWM Core Library, Internet Connection Sharing, Kernel, LDAP, Message Queuing, NTLM, Remote Desktop Services, ReFS Deduplication Service, Routing and Remote Access Service (RRAS), Telephony Server and Service, Update Stack, Win32 Kernel Subsystem, and others.

Microsoft Fixes 55 Vulnerabilities in Latest Patch: Among the vulnerabilities patched, 38.2% were remote code execution (RCE) flaws, while 34.5% were elevation of privilege (EoP) vulnerabilities.

Cybersecurity firm Tenable noted that one vulnerability reported via HackerOne was not included in Microsoft’s count.

Tenable Senior Researcher Satnam Narang identified the two actively exploited zero-day vulnerabilities:

• CVE-2025-21418, an elevation of privilege issue in afd.sys, the Windows Ancillary Function Driver for WinSock, which enables applications to establish internet connections.
• CVE-2025-21391, another elevation of privilege flaw related to Windows file storage.

“These vulnerabilities appear to be post-compromise threats, meaning attackers would first need local access to a vulnerable system—potentially through exploiting another flaw, social engineering, or compromised credentials,” Narang explained.

So far in 2025, five zero-day vulnerabilities exploited in the wild have been patched, all classified as elevation of privilege flaws.

Narang also noted that since 2022, Microsoft has patched nine elevation of privilege vulnerabilities in the Windows Ancillary Function Driver for WinSock, with three discovered each year. One of these, CVE-2024-38193, was linked to North Korea’s Lazarus Group (also known as Hidden Cobra or Diamond Sleet), which used it to deploy an updated version of the FudModule rootkit for persistence and stealth. It remains uncertain whether Lazarus Group was also behind CVE-2025-21418.

Additionally, Narang highlighted that Microsoft has addressed seven elevation of privilege vulnerabilities related to Windows Storage since 2022, with two in 2022, one in 2023, and four in 2024. However, CVE-2025-21391 is the first to be confirmed as a zero-day actively exploited in the wild.

Install This Windows Security Patch Immediately

Microsoft Fixes 55 Vulnerabilities in Latest Patch:

Microsoft has released its February 2025 Patch Tuesday update, a critical monthly security and stability update for Windows. While these updates may not introduce new features, they play a crucial role in protecting users from vulnerabilities and threats.

According to Bleeping Computer, this latest patch resolves 55 security flaws, including:

• 22 remote code execution (RCE) vulnerabilities
• 19 elevation of privilege (EoP) vulnerabilities
• 9 denial of service (DoS) vulnerabilities
• 3 spoofing vulnerabilities
• 2 security feature bypass vulnerabilities
• 1 information disclosure vulnerability

Key Fixes in the Latest Patch Tuesday Update

Among the 55 security flaws, four were classified as zero-day vulnerabilities—security flaws publicly known before a fix was available. Two of these were particularly concerning due to active exploitation.

Publicly Disclosed Zero-Day Vulnerabilities (Not Yet Exploited)

• CVE-2025-21194 – A Microsoft Surface security feature bypass vulnerability. This flaw could potentially bypass the Unified Extensible Firmware Interface (UEFI), compromising both the hypervisor and secure kernel. If exploited, attackers could manipulate the core components powering virtual machines and Windows itself.
• CVE-2025-21377 – An NTLM hash disclosure spoofing vulnerability. This issue allowed attackers to access NTLM hashes and retrieve plain-text passwords. Simply interacting with a malicious file—such as right-clicking it—could trigger the exploit, enabling attackers to log in as the affected user. Microsoft has provided minimal details regarding this vulnerability.

Actively Exploited Zero-Day Vulnerabilities

• CVE-2025-21391 – A Windows storage elevation of privilege vulnerability. Attackers could leverage this flaw to delete targeted files on an affected system. While it did not allow direct access to confidential data, the ability to remove files posed a serious risk to system integrity.
• CVE-2025-21418 – An elevation of privilege vulnerability in Windows. This flaw enabled attackers to gain system-level privileges, significantly increasing their control over a compromised machine.

Microsoft has not disclosed details on how these two actively exploited vulnerabilities were used in real-world attacks or who discovered them.

Why You Should Update Now: Microsoft Fixes 55 Vulnerabilities in Latest Patch:

With two zero-days already being exploited, it is crucial to install this security update immediately to prevent potential attacks. Cybercriminals often target unpatched systems, and delaying updates increases the risk of falling victim to these vulnerabilities.

How to Install the Latest Windows Security Update: Microsoft Fixes 55 Vulnerabilities in Latest Patch:

To ensure your system is protected, follow these steps:

1. Open Start and go to Settings.
2. Select Windows Update.
3. Click Check for updates and install any available patches.

Staying up to date with Microsoft’s security updates is essential to keeping your computer safe from known and emerging threats.