Microsoft just patched a host of worrying security issues, so update now

News
By published

February's Patch Tuesday is upon us

Representational image of a cybercriminal
Image Credit: Pixabay (Image credit: Pixabay)
  • Microsoft releases February 2025 Patch Tuesday cumulative update
  • It fixes 55 security flaws, including four zero-days
  • Of the four zero-days, two are being actively exploited

Microsoft has fixed a total of 55 Windows security vulnerabilities, including four zero-day bugs, including two that are being actively exploited in the wild.

Since some of the bugs addressed in the cumulative update are being actively exploited in the wild, users are advised to apply the fix immediately. The two flaws in question are CVE-2025-21391 (Windows Storage Elevation of Privilege vulnerability) and CVE_2025-21418 (Windows Ancillary Function Driver for WinSock Elevation of Privilege vulnerability).

Threat actors could use the first one to delete files from a target system, and the second one to gain SYSTEM privileges in Windows. Microsoft did not want to discuss who was abusing these flaws, how, or against whom.

Protect yourself from identity theft online

Protect yourself from identity theft online

Go Incogni and get 55% off using code TECHRADAR. Incogni erases you and your family from the sites that expose your personal information to identity thieves and robocalls.

Preferred partner (What does this mean?

View Deal

Notable mentions

In total, Microsoft addressed 19 Elevation of Privilege bugs, 2 Security Feature Bypass bugs, 22 Remote Code Execution flaws, one Information Disclosure bug, nine Denial of Service vulnerabilities, and three Spoofing flaws in its Patch Tuesday cumulative update.

Other two notable mentions are CVE-2025-21194 and CVE-2025-21377. These two are also zero-day vulnerabilities, but there is no evidence of cybercriminals abusing them just yet. That being said, the first one could be used to bypass the UEFI and lead to compromise of the hypervisor and the secure kernel, while the second one is an NTLM Hash Disclosure Spoofing flaw that allows cybercriminals to potentially log in as the target user.

"Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability." Microsoft said in the advisory.

Aside from Patch Tuesday, Microsoft also addressed Edge browser flaws in a separate patch, fixing 10 vulnerabilities in the process. Furthermore, there was a critical Microsoft Dynamics 365 Sales elevation of privilege bug that was separately addressed.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A hacker wearing a hoodie sitting at a computer, his face hidden.
Microsoft patches three worrying security flaws in its latest critical update, so update now
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
Representational image depecting cybersecurity protection
Ivanti reveals major security update, so make sure you're protected
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
US government warns users to patch this critical Microsoft Outlook bug
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Apple's new "Share Item Location" feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
Latest in Security
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Latest in News
An image of the Nintendo Switch 2
Nintendo Switch 2 pre-orders will start on April 2 according to Best Buy Canada
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news
Nintendo Switch 2
The Switch 2 launching with a Mario Kart game 'is very unlike Nintendo' compared to the original Switch releasing with Breath of the Wild, says former marketing leads: 'That's what's gonna make you want to buy the new hardware'
More about security
China

Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock

NYU website defaced as hacker leaks info on a million students
A robot painting, created by ChatGPT.

ChatGPT’s new AI image capabilities are genuinely amazing, but they’re so frustrating to use that it made me want to throw my laptop in the trash
See more latest
Most Popular
Kelsey Asbille as Monica Long and Luke Grimes as Kacey Dutton embrace in Yellowstone season 5, part 2
Taylor Sheridan’s Yellowstone universe is expanding outside of Paramount+ again with another spin-off reportedly in the works
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
The Backbone One Xbox Edition.
I'm not waiting for a dedicated Xbox handheld any longer thanks to the new Backbone One: Xbox Edition
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
An image of the Nintendo Switch 2
Nintendo Switch 2 pre-orders will start on April 2 according to Best Buy Canada
Freddie Prinze Jr., Sarah Michelle Gellar, Matthew Liliard and Linda Cardinelli in Scooby Doo 2: Monsters Unleashed
Netflix is firing up the Mystery Machine with a live action Scooby-Doo series
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
Sama virtual assistant
Speak, Book, Fly. Qatar Airways debuts industry-first AI travel agent, Sama
An Apple Lumon Terminal Pro computer next to a keyboard with Severance-themed keycaps
You sadly can't buy Apple's Lumon Terminal Pro computer, but here's where to get the Severance-style keycaps
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025