The February Patch Tuesday updates brought a sense of normalcy to the world of patch management after the flurry of activity in January. With 37 CVEs addressed in Windows 11 and 33 in Windows 10, along with 8 CVEs fixed in Office 365 online versions and Office 2016, Microsoft made significant strides in addressing vulnerabilities across their platforms.
One key fix in the March preview release resolved an issue with drag-and-drop functionality in Outlook, which had been impacted by a January non-security update and February security update. Additionally, a fix for SSH connections across multiple operating systems was included in the preview release. Microsoft also announced a service-level fix for CVE-2025-24989, a vulnerability in Power Pages on the Microsoft Power Platform that could allow unauthorized attackers to elevate privileges over a network.
In other news, Microsoft revealed that the Skype service will be going offline on May 5th after 14 years of operation. Customers are encouraged to transition to Teams, which offers similar services to Skype. Looking ahead, Patch Tuesday on October 14, 2025, will mark the final updates for Windows 10, Exchange Server 2016, and Exchange Server 2019. Microsoft also provided a 60-day warning in February about deprecating WSUS driver synchronization on April 18, 2025, emphasizing the importance of planning for these upcoming changes.
The cybersecurity landscape remains ever-changing, with two notable threats catching attention in February. The use of polymorphic extensions in Google Chrome, developed by SquareX labs, poses a potential risk by allowing for the substitution of a malicious extension with a legitimate one. Additionally, a series of botnet attacks targeted Microsoft O365 accounts globally, aiming to exploit Basic Authentication to bypass Multi-Factor Authentication without detection. Microsoft plans to disable Basic Auth services and transition to OAuth2 requiring MFA by September 2025 to enhance security.
Looking ahead to the March 2025 Patch Tuesday forecast, Microsoft is expected to release additional security fixes for operating systems, potentially including an Exchange update. Adobe may not have many updates following recent Creative Cloud app updates, with the next major Adobe Acrobat and Reader updates likely slated for April. Apple and Google are also anticipated to release updates later in the month, while Mozilla Foundation has already rolled out critical security updates for various products.
Overall, the upcoming Patch Tuesday is shaping up to be relatively routine, with fixes expected for Outlook and SSH connection issues. Stay vigilant for security updates from Microsoft and other software vendors to ensure a secure and stable computing environment.