February 12, 2025 – Microsoft has rolled out its February 2025 Patch Tuesday update, addressing a total of 61 vulnerabilities across its product ecosystem.
The update includes fixes for 25 critical Remote Code Execution (RCE) vulnerabilities, three of which are zero-day vulnerabilities actively exploited in the wild.
The security updates span a wide range of Microsoft products, including Windows, Office, Visual Studio, Azure, and the .NET Framework, emphasizing the need for organizations to act swiftly to mitigate potential threats.
Zero-Day Vulnerabilities: Actively Exploited Threats
Among the patched vulnerabilities, three zero-day flaws were identified as actively exploited:
- CVE-2023-24932: A Secure Boot security feature bypasses vulnerability allowing attackers with physical access or administrative rights to install unauthorized boot policies.
- CVE-2025-21391: A Windows Storage elevation of privilege vulnerability enabling attackers to delete critical data and disrupt services.
- CVE-2025-21418: An elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock, potentially granting SYSTEM-level privileges to attackers.
Microsoft urges users to prioritize patching these zero-day vulnerabilities immediately to prevent further exploitation.
Critical Vulnerabilities: Remote Code Execution Risks
The February update also addresses several critical RCE vulnerabilities that pose significant risks if left unpatched. Notable examples include:
- CVE-2025-21376: A Windows Lightweight Directory Access Protocol (LDAP) RCE vulnerability enabling remote code execution.
- CVE-2025-21379: A DHCP Client Service RCE vulnerability that could allow attackers to execute code with elevated privileges remotely.
- CVE-2025-21381: An RCE vulnerability in Microsoft Excel triggered by malicious spreadsheet files.
These vulnerabilities highlight the importance of applying updates to prevent potential unauthorized access and system compromise.
Microsoft Patch Tuesday, February 2025 – 61 Vulnerabilities list
| CVE Number | CVE Title | Exploited | c | Max Severity |
| CVE-2025-21376 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-21379 | DHCP Client Service Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-21381 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Yes | Security Feature Bypass | Important |
| CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21188 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21206 | Visual Studio Installer Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21351 | Windows Active Directory Domain Services API Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21352 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21368 | Microsoft Digest Authentication Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21369 | Microsoft Digest Authentication Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21375 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21383 | Microsoft Excel Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-21182 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21183 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability | Yes | Elevation of Privilege | Important |
| CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Yes | Elevation of Privilege | Important |
| CVE-2025-21419 | Windows Setup Files Cleanup Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21420 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2023-32002 | HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-24039 | Visual Studio Code Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-21194 | Microsoft Surface Security Feature Bypass Vulnerability | No | Security Feature Bypass | Important |
| CVE-2025-21208 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21406 | Windows Telephony Service Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21407 | Windows Telephony Service Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21410 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21190 | Windows Telephony Service Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21200 | Windows Telephony Service Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21201 | Windows Telephony Server Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21198 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21337 | Windows NTFS Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21347 | Windows Deployment Services Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21349 | Windows Remote Desktop Configuration Service Tampering Vulnerability | No | Tampering | Important |
| CVE-2025-21350 | Windows Kerberos Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21358 | Windows Core Messaging Elevation of Privileges Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21359 | Windows Kernel Security Feature Bypass Vulnerability | No | Security Feature Bypass | Important |
| CVE-2025-21367 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21371 | Windows Telephony Service Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-21386 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21387 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21390 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21392 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21394 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21397 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21400 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-21179 | DHCP Client Service Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21181 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21184 | Windows Core Messaging Elevation of Privileges Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21212 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21216 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21254 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-21322 | Microsoft PC Manager Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21414 | Windows Core Messaging Elevation of Privileges Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-21373 | Windows Installer Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-24042 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
Call to Action for Organizations
Microsoft emphasizes the importance of applying these updates promptly, especially given the presence of actively exploited zero-day vulnerabilities and critical RCE flaws.
Cybersecurity professionals are encouraged to implement best practices, including regular system updates, monitoring for unusual activity, and ensuring administrative credentials are secure.
For detailed information on all vulnerabilities patched in this update, refer to Microsoft’s official documentation or consult your IT security team for guidance on deploying these updates effectively.
Also Read:
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The update includes fixes for 25 critical RCE vulnerabilities, three of which are zero-day vulnerabilities actively exploited in the wild.){kind=link}