Microsoft February 2025 Patch Tuesday

February’s Patch Tuesday was released to fix security flaws in several Microsoft products such as Microsoft Dynamics 365 Sales, Windows DHCP Client, Windows Message Queuing, Microsoft Office, Windows Resilient File System (ReFS) Deduplication Service, Windows CoreMessaging, Microsoft High-Performance Compute Pack (HPC) Linux Node Agent, Windows Routing and Remote Access Service (RRAS), Active Directory Domain Services, Windows Internet Connection Sharing (ICS), Windows Remote Desktop Services, Windows Kerberos, Windows Telephony Service, Microsoft Edge (Chromium-based), Microsoft Surface, and Azure Network Watcher.

The actively exploited zero-day vulnerabilities in February’s Patch are:

• Windows Storage Elevation of Privilege Vulnerability “CVE-2025-21391” allows attackers to delete data that could include data that results in the service being unavailable.
• Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability “CVE-2025-21418” allows threat actors to gain SYSTEM privileges in Windows.

The publicly disclosed zero-day vulnerabilities in February’s Patch are:

• Microsoft Surface Security Feature Bypass Vulnerability “CVE-2025-21194” allows attackers to bypass UEFI and compromise the secure kernel.
• NTLM Hash Disclosure Spoofing Vulnerability “CVE-2025-21377” allows a remote attacker to log in as the user.

Sample of the addressed vulnerabilities:

1. Microsoft High-Performance Compute (HPC) Pack Remote Code Execution Vulnerability (CVE-2025-21198):

• CVSS: 9.0
• Attack Vector: Adjacent
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Consequences: Gain Access

2. Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21190):

• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access