Microsoft has released its February 2025 Patch Tuesday update, addressing 55 security vulnerabilities, including two actively exploited zero-day flaws.
The update includes fixes for elevation of privilege vulnerabilities in Windows Storage and the Windows Ancillary Function Driver for WinSock, which have been detected in real-world attacks.
Zero-days under active exploitation
Among the most critical fixes this month are two zero-day vulnerabilities that have been actively exploited in the wild:
CVE-2025-21391 – Windows Storage Elevation of Privilege
This vulnerability allows attackers with low privileges to delete targeted files on a system. While it does not enable data exfiltration, it can be used to disrupt services and delete critical system files.
CVE-2025-21418 – Windows Ancillary Function Driver for WinSock Elevation of Privilege
This flaw is a heap-based buffer overflow that allows local attackers to escalate their privileges to SYSTEM level. Successful exploitation could grant full control over the affected system, potentially allowing attackers to disable security protections or execute arbitrary code.
Microsoft has not disclosed details about how these vulnerabilities are being exploited, but given their nature, they are likely being used in targeted attacks.
Other notable fixes
Beyond the two zero-days, this month's Patch Tuesday update includes fixes for several high-severity vulnerabilities affecting core Windows components:
- Windows Telephony Service (CVE-2025-21190, CVE-2025-21406, CVE-2025-21407): These high severity flaws (CVSS score of 8.8) could allow remote attackers to execute malicious code by tricking users into interacting with specially crafted content.
- Microsoft Digest Authentication (CVE-2025-21368, CVE-2025-21369): Two elevation of privilege vulnerabilities that could allow attackers to bypass authentication mechanisms.
- Windows CoreMessaging (CVE-2025-21358, CVE-2025-21184): Memory corruption vulnerabilities that could be exploited for local privilege escalation.
- Windows Routing and Remote Access Service (RRAS) (CVE-2025-21208, CVE-2025-21410): Remote code execution flaws that pose a risk to enterprise networks running RRAS.
- Microsoft Office and Excel (CVE-2025-21381, CVE-2025-21383, CVE-2025-21390, CVE-2025-21392, CVE-2025-21397): Multiple security issues affecting Microsoft Office applications that could allow remote code execution if a user opens a malicious document.
Known issues with the update
While this update addresses critical security risks, there's always the possibility of software upgrades causing breakages. Microsoft has acknowledged some known issues with the latest update, summarized as follows:
- Some users may experience crashes when launching Roblox after installing the update.
- Certain SSH-based connections may fail due to authentication issues.
- Microsoft has identified compatibility problems with some Citrix environments, potentially causing connection failures.
The update is available through multiple distribution channels, including the Windows Update, managed update solutions (Update for Business), and the Microsoft Update Catalog serving standalone packages for manual downloads. Administrators can deploy the patches across networks using Windows Server Update Services (WSUS).
To perform the update, open Settings on the Windows device, head to ‘Update & Security > Windows Update,' and click on ‘Check for updates.' Windows will automatically download and install available security updates for your Windows 11 build. A system restart will be required after the installation of all packages to implement the updates.
Mullvad Partners with Obscura VPN to Offer Two-Hop VPN System
Leave a Reply