Microsoft has rolled out its February 2025 Patch Tuesday updates, addressing critical security risks across its software ecosystem. The update resolves 63 vulnerabilities which includes 4 zero-day vulnerabilities, with two actively exploited in attacks. The patches aim to strengthen defences against potential cyberattacks. Users are advised to update immediately.
On Patch Tuesday, 11 Feb 2025 Microsoft has released fixes for 63 flaws including 4 zero-days, 2 of which are actively exploited and also 4 non-Microsoft CVEs.
The major categories for these vulnerabilities are as follows:
- Elevation of Privilege – 20
- Security Feature Bypass – 02
- Denial of Service – 09
- Remote Code Execution (RCE)- 25
- Information Disclosure – 01
- Tampering – 1
- Spoofing – 5
Of the vulnerabilities addressed this month, 39.6% were related to Remote Code Execution, while 31.7% were related to Elevation of Privilege.
Following are the 4 zero days where first two in the list are actively exploited vulnerabilities:
- CVE-2025-21418
- CVE-2025-21391
- CVE-2025-21194
- CVE-2025-21377
CVE-2025-21391 is associated with Windows Storage Elevation of Privilege Vulnerability, CVE-2025-21418 is with Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. While CVE-2025-21194 and CVE-2025-21377 are associated with Microsoft Surface and Windows NTLM vulnerabilities respectively.
4 non-Microsoft CVEs are:
- CVE-2023-32002
- CVE-2025-0444
- CVE-2025-0445
- CVE-2025-0451
All the above mentioned CVEs are related to Chromium based vulnerabilities (Microsoft Edge).
Apart from Microsoft few other vendors have also provided fixes:
Adobe: Adobe released updates for applications including Adobe Photoshop, Substance3D, Illustrator and Animate.
Apple: Apple released updates for iOS 18.3.1 and iPadOS 18.3.1
Cisco: Cisco released updates for its products including Cisco IOS, ISE, NX-OS, and Identity Services.
Google: Google has released updates to patch 48 vulnerabilities, including a zero-day kernel vulnerability.
Ivanti: Ivanti released updates for its products including Connect Secure and Policy Secure
SAP: SAP released updates for multiple products including SAP NetWeaver and SAP BusinessObjects Business Intelligence platform.
Here are 10 essential pieces of advice for users regarding Microsoft’s February 2025 Patch Tuesday updates:
- Update Immediately: Install the February 2025 Patch Tuesday updates as soon as possible. Microsoft has addressed four zero-day vulnerabilities that are actively exploited in the wild, so prompt action will minimize risk.
- Prioritize Critical Systems: If managing a large IT environment, prioritize updating critical systems such as Windows servers and workstations first, especially those exposed to external networks, to quickly bolster key defenses.
- Use Microsoft Update Tools: Ensure that automatic updates are enabled in Windows Update for personal devices, and consider using centralized tools like Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager for enterprise environments.
- Secure Edge and Office Applications: Make sure to update Microsoft Edge and Office applications, as some of the vulnerabilities affect these programs. Keeping them updated helps protect against potential threats targeting popular productivity tools.
- Patch All Network-Exposed Devices: Network-exposed devices are particularly vulnerable to attacks. Make sure to patch any device connected to the internet or other untrusted networks, including endpoints and remote machines.
- Disable Workarounds Where Applicable: If any previous workarounds or temporary mitigations were applied to address vulnerabilities, review and disable them after applying the patches to ensure software functionality returns to normal.
- Educate Users on Phishing and Social Engineering: The patch addresses vulnerabilities that could be exploited via malicious links or attachments. Reinforce user education on avoiding suspicious emails, links, and attachments.
- Monitor for Anomalous Activity: Since these vulnerabilities have been actively exploited, monitor logs and endpoint activity for unusual behavior that might indicate attempted exploitation or malware activity.
- Backup Critical Data: Ensure that recent backups of important data are available and secure. While this is a general best practice, it is especially critical during periods of heightened vulnerability due to zero-day risks.
- Review Microsoft’s Security Documentation: Microsoft often provides technical details on vulnerabilities and affected systems in their security bulletins. Review these documents to fully understand the patches’ scope and any additional steps required in your environment.
Following these best practices will help reduce your exposure to the vulnerabilities addressed in this month’s Patch Tuesday and strengthen your organization’s security posture against potential threats.
Conclusion:
The February Patch Tuesday brought critical security fixes, addressing multiple vulnerabilities, including remote code execution and denial of services flaws in key Microsoft products, underscoring the importance of timely patching to protect against potential exploits.
