February 2025 Patch Tuesday Addresses Two Exploited Zero-Day Vulnerabilities

Published:

spot_img

Microsoft Patch Tuesday – February 2025: Addressing Critical Vulnerabilities

Microsoft’s February 2025 Patch Tuesday Addresses Critical Vulnerabilities

In a significant update released on February 13, 2025, Microsoft has addressed four zero-day vulnerabilities, including two that are currently under active attack. This month’s Patch Tuesday release includes a total of 63 Microsoft Common Vulnerabilities and Exposures (CVEs) alongside four non-Microsoft CVEs, three of which pertain to the Chromium-based Microsoft Edge browser.

Among the vulnerabilities, CVE-2025-21198 stands out as the highest-rated, with a severity score of 9.0. This Remote Code Execution vulnerability affects the Microsoft High Performance Compute (HPC) Pack but is considered lower risk due to its requirement for network access.

The two actively exploited zero-days are CVE-2025-21391, a Windows Storage Elevation of Privilege vulnerability, and CVE-2025-21418, which pertains to the Windows Ancillary Function Driver for WinSock. The former, rated at 7.1, poses a risk of data deletion, while the latter, rated at 7.8, could allow attackers to gain system privileges through a heap-based buffer overflow.

In addition to these zero-days, Microsoft has flagged eight other vulnerabilities as “Exploitation More Likely,” with severity ratings ranging from 7.0 to 8.1. Notable mentions include CVE-2025-21400, a remote code execution vulnerability in Microsoft SharePoint Server, and several elevation of privilege vulnerabilities affecting Windows Core Messaging.

While January’s Patch Tuesday set a record with 159 vulnerabilities, February’s release appears more manageable, providing a crucial opportunity for users and organizations to bolster their defenses against potential cyber threats. As always, users are urged to apply these updates promptly to safeguard their systems.

spot_img

Related articles

Recent articles

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure In a significant development in the fight against cybercrime, three Russian nationals have been indicted...

Middle East Transforms Event Security: Designed to Welcome, Engineered to Protect

Middle East Transforms Event Security: Designed to Welcome, Engineered to Protect In recent years, the Middle East has emerged as a pivotal hub for global...

AI Transitions from Assisting Cyberattacks to Executing Them: Annual Report Reveals Alarming Shift

AI Transitions from Assisting Cyberattacks to Executing Them: Annual Report Reveals Alarming Shift In a significant development for cybersecurity, Check Point Software has released its...

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape Securonix has announced the appointment of Toby Weiss as its new Chief...