Microsoft’s February security update has been released with a significantly lower number of vulnerabilities compared to the previous month, but IT admins are still advised to act promptly due to the critical nature of some of the issues.
The latest update from Microsoft includes patches for a total of 63 unique CVEs, a notable decrease from the massive 159 CVEs, including eight zero-day vulnerabilities, disclosed in January. Among the vulnerabilities addressed in the February update are two zero-days that are actively being exploited in the wild, two more that are publicly known but not yet exploited, a patch for a zero-day disclosed in December 2024, and several other CVEs with potentially severe consequences for organizations.
The two zero-day vulnerabilities being actively exploited are CVE-2025-21418, an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock, and CVE-2025-21391, another elevation of privilege issue affecting Windows Storage. While Microsoft’s advisories do not provide details on exploitation activity, security researchers emphasize the urgency of addressing these vulnerabilities to prevent potential security breaches.
CVE-2025-21418 allows for local exploitation, meaning an attacker must already have access to the target machine through phishing attacks or other means. Despite this limitation, attackers can use the vulnerability to disable security tools, extract credentials, or move laterally within the network. Exploiting this flaw can grant the attacker SYSTEM-level privileges, highlighting the importance of immediate patching.
On the other hand, CVE-2025-21391, the Windows Storage zero-day, poses a threat to data integrity and availability rather than unauthorized access. Attackers could potentially delete targeted files on a system by exploiting this vulnerability, underscoring the need for organizations to apply the available patches promptly.
Additionally, CVE-2025-21377, an NTLM hash disclosure spoofing vulnerability, is flagged as a high priority by security experts. This bug, originally disclosed in December 2024 without a patch available at the time, allows threat actors to steal NTLM credentials by sending malicious files to victims. Simply viewing the file in Explorer could trigger the vulnerability, making it a critical issue that requires immediate attention.
Among the critical flaws addressed in the February update are CVE-2025-21379, an RCE in the DHCP client service; CVE-2025-21177, a privilege elevation vulnerability in Microsoft Dynamics 365 Sales; CVE-2025-21381, a Microsoft Excel RCE; and CVE-2025-21376, an RCE in Windows LDAP. While some vulnerabilities, such as CVE-2025-21177, may require no action from affected customers, IT admins are advised to stay vigilant and apply necessary updates to mitigate potential risks.
It’s worth noting that CVE-2025-21198, with a severity score of 9.0, is a critical RCE affecting Microsoft High Performance Compute (HPC) Pack. However, the networking requirements for exploiting this vulnerability somewhat limit its impact, as attackers must have access to the network used to connect to the high-performance cluster.
Overall, while the February security update from Microsoft presents a lower number of vulnerabilities compared to previous months, the critical nature of some of the issues underscores the importance of prompt patch management to enhance cybersecurity defenses and protect organizational assets.

