February Security Update: A Critical Overview of Microsoft’s Latest Vulnerabilities
63 CVEs and 2 Zero-Days in Focus
Critical Flaws: Immediate Action Required
Microsoft’s February Security Update: Fewer Vulnerabilities, But Critical Threats Remain
Microsoft’s February security update brings a sigh of relief for system administrators, as it addresses 63 vulnerabilities compared to January’s staggering 159. However, experts warn that the current update still harbors critical threats that necessitate immediate attention.
Among the highlighted vulnerabilities are two serious zero-day exploits currently being leveraged by attackers. The first, CVE-2025-21418, presents an elevation-of-privilege vulnerability in Windows Ancillary Function Driver, scoring 7.8 on the CVSS scale. The second flaw, CVE-2025-21391, scores slightly lower at 7.1 and affects Windows Storage. Both vulnerabilities allow attackers to gain elevated privileges, which could lead to significant network breaches.
In addition to these zero-days, Microsoft has issued patches for CVE-2025-21377, a critical NTLM hash disclosure vulnerability, previously identified with no immediate fix back in December 2024. This flaw allows attackers to steal NTLM credentials simply by sending a malicious file—another urgent issue for organizations to address.
"Mitigating these vulnerabilities should be a top priority," advises Kev Breen, senior director of cyber threat research at Immersive Labs, warning that successful exploits can grant attackers SYSTEM-level access. The critical severity of CVE-2025-21177, affecting Microsoft Dynamics 365 Sales, further underscores the pressing need for organizations to remain vigilant.
Despite the reduction in vulnerabilities compared to the previous month, security experts emphasize that the fewer number does not equate to a decrease in seriousness. With ongoing attacks exploiting these vulnerabilities in real-time, administrators are urged to implement the necessary patches without delay to safeguard their systems from impending threats.