Microsoft Patch Tuesday – February 2025

---

Microsoft’s February 2025 Patch Tuesday is a significant update, addressing a total of 55 vulnerabilities, including four zero-day vulnerabilities with two actively exploited in the wild. Here’s a detailed breakdown of these updates, emphasizing the critical and zero-day vulnerabilities:

Zero-Day Vulnerabilities

CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability

• Description: This vulnerability allows attackers to elevate their privileges and delete targeted files on a system. The flaw is due to improper handling of certain requests in Windows Storage, enabling attackers to perform unauthorized actions.
• CVSS Score: 8.8 (High)
• Impact: Successful exploitation can lead to data loss and potential service disruptions, as attackers can delete critical files and interfere with system operations.

CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

• Description: This vulnerability allows threat actors to gain SYSTEM privileges in Windows, giving them full control over the affected system. The issue arises from insufficient validation of certain inputs in the Ancillary Function Driver for WinSock.
• CVSS Score: 8.8 (High)
• Impact: Exploitation can result in complete system compromise, allowing attackers to execute arbitrary code, install malicious software, and manipulate system settings.

CVE-2025-21194: Microsoft Surface Security Feature Bypass Vulnerability

• Description: A hypervisor vulnerability that allows attackers to bypass UEFI (Unified Extensible Firmware Interface) and compromise the secure kernel. The flaw exists due to inadequate security checks in the hypervisor.
• CVSS Score: 9.0 (Critical)
• Impact: Attackers can gain control over the secure kernel, potentially leading to unauthorized access to sensitive information and the ability to modify critical system settings.

CVE-2025-21377: NTLM Hash Disclosure Spoofing Vulnerability

• Description: This vulnerability exposes a Windows user’s NTLM (NT LAN Manager) hashes, allowing remote attackers to potentially log in as the user. The flaw is due to improper handling of NTLM authentication processes.
• CVSS Score: 7.8 (High)
• Impact: Attackers can use the disclosed NTLM hashes to authenticate themselves as the user, gaining unauthorized access to the user’s data and system resources.

Critical Vulnerabilities

CVE-2025-21376: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

• Description: This vulnerability allows remote code execution through a specially crafted request to a vulnerable LDAP server. The flaw exists due to improper handling of certain LDAP requests.
• CVSS Score: 9.0 (Critical)
• Impact: Successful exploitation can enable attackers to execute arbitrary code on the affected system, potentially leading to full system compromise.

CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability

• Description: This vulnerability can be exploited via the Preview Pane, meaning that user interaction is not required for a successful exploit. The flaw exists in the way Microsoft Excel handles certain files.
• CVSS Score: 9.0 (Critical)
• Impact: Exploitation can allow attackers to execute arbitrary code within the context of the Excel application, potentially leading to data loss and system compromise.

CVE-2025-21388: Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability

• Description: This vulnerability allows attackers to gain elevated privileges in Microsoft Dynamics 365 Sales. The issue arises from improper handling of user inputs in the application.
• CVSS Score: 8.8 (High)
• Impact: Attackers can gain elevated privileges, allowing them to access sensitive data and perform unauthorized actions within the application.

Non-Security Updates

• Improved Previews for Apps on the Taskbar: Enhanced previews and animations for apps on the taskbar.
• New Windows Studio Effects Icon: A new icon in the system tray for Windows Studio Effects.
• File Explorer Improvements: Added “New Folder” command to the context menu in File Explorer.
• Mouse Performance Improvements: Fixes for various mouse-related issues.
• Time Zone Settings: Ability to change time zones without admin rights.
• OneDrive Continuity Feature: Resume work on OneDrive files across devices.
• Windows Share: Direct sharing to apps that support sharing in Windows.
• Magnifier App Updates: New keyboard shortcuts and buttons for zoom control.

Additional Updates for Office

• Security Updates: Various security updates for Microsoft Office applications, including Excel, Access, and SharePoint.
• Office 2016 Updates: Multiple updates to enhance security and performance.

Mitigation Measures

• Apply Patches: Users are strongly advised to apply the patches immediately to protect their systems from these vulnerabilities.
• Enable Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security.
• Regular Security Audits: Conduct regular security audits and code reviews to identify and address potential vulnerabilities.

Microsoft’s February 2025 Patch Tuesday is crucial for maintaining the security and integrity of your systems. Applying these updates promptly will help mitigate the risks associated with these vulnerabilities.