Microsoft Patch Tuesday – February 2025: Key Security Fixes and Zero-Day Vulnerabilities
Microsoft’s February 2025 Patch Tuesday addresses 56 vulnerabilities, including two actively exploited zero-day flaws (CVE-2025-21418 and CVE-2025-21391) affecting Windows. Other key fixes include NTLMv2 hash theft (CVE-2025-21377), Apple iOS 18.3.1, and Adobe updates. Microsoft also raises prices for Office 365, pushing AI-powered Microsoft 365 Copilot, with an AI-free Microsoft 365 Classic available upon cancellation.
Microsoft Patch Tuesday – February 2025: Key Security Fixes and Zero-Day Vulnerabilities
Microsoft Patch Tuesday – February 2025: Key Security Fixes and Zero-Day Vulnerabilities
On February 11, 2025, Microsoft released security updates addressing at least 56 vulnerabilities across Windows and supported software. This month’s patches include two actively exploited zero-day flaws that demand immediate attention.
Critical Zero-Day Vulnerabilities
CVE-2025-21418 – Buffer Overflow Exploit
Affects all supported Windows versions.
Low attack complexity, no user interaction required.
Being actively exploited.
Similar to previous elevation of privilege flaws in Windows, including CVE-2024-38193, which was used by the North Korean Lazarus Group for persistent attacks.
CVE-2025-21391 – Windows Storage Privilege Escalation
Enables file deletion on targeted systems.
Exploitation complexity is low, with no user interaction required.
May lead to SYSTEM access if attackers leverage symbolic link techniques.
Other Notable Vulnerabilities
CVE-2025-21377 – NTLMv2 Hash Theft
Allows attackers to escalate privileges by stealing authentication hashes.
Exploitation possible through minimal user interaction (e.g., selecting or inspecting a malicious file).
Microsoft considers this vulnerability highly likely to be exploited.
For a full list of vulnerabilities, the SANS Internet Storm Center provides an indexed breakdown by severity. Enterprise administrators should also monitor sources like AskWoody for potential patch-related issues.
Other Security Updates
Apple iOS 18.3.1 – Addresses zero-day exploit CVE-2025-24200.
Adobe Security Patches – Fixes 45 vulnerabilities across multiple products, including InDesign, Illustrator, and Photoshop Elements.
Google Chrome & Microsoft Edge – A new Chrome update will soon prompt security updates for Chromium-based browsers, including Edge.
Microsoft 365 Pricing and AI Changes
Microsoft continues integrating its Copilot AI into Windows and Office 365 (now Microsoft 365 Copilot), leading to subscription price increases of 22% to 30%. However, existing users may opt for Microsoft 365 Classic, an AI-free alternative at a lower price—though this option is often only presented when users attempt to cancel their subscriptions.
Security-conscious users and IT administrators should prioritize these updates to safeguard their systems.
You must be logged in to post a comment.