Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws – BleepingComputer
Massive brute force attack uses 2.8 million IPs to target VPN devicesUS indicts 8Base ransomware operators for Phobos encryption attacksSonicWall firewall exploit lets hackers hijack VPN sessions, patch nowApple fixes zero-day exploited in ‘extremely sophisticated’ attacksSarcoma ransomware claims breach at giant PCB maker UnimicronDPRK hackers dupe targets into typing PowerShell commands as adminIvanti fixes three critical flaws in Connect Secure & Policy SecureBadPilot network hacking campaign fuels Russian SandWorm attacksHow to access the Dark Web using the Tor BrowserHow to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11How to use the Windows Registry EditorHow to backup and restore the Windows RegistryHow to start Windows in Safe ModeHow to remove a Trojan, Virus, Worm, or other MalwareHow to show hidden files in Windows 7How to see hidden files in WindowsRemove the Theonlinesearch.com Search RedirectRemove the Smartwebfinder.com Search RedirectHow to remove the PBlock+ adware browser extensionRemove the Toksearches.xyz Search RedirectRemove Security Tool and SecurityTool (Uninstall Guide)How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundoHow to remove Antivirus 2009 (Uninstall Instructions)How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKillerLocky Ransomware Information, Help Guide, and FAQCryptoLocker Ransomware Information Guide and FAQCryptorBit and HowDecrypt Information Guide and FAQCryptoDefense and How_Decrypt Ransomware Information Guide and FAQQualys BrowserCheckSTOPDecrypterAuroraDecrypterFilesLockerDecrypterAdwCleanerComboFixRKillJunkware Removal TooleLearningIT Certification CoursesGear + GadgetsSecurityBest VPNsHow to change IP addressAccess the dark web safelyBest VPN for YouTubeToday is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks.This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities.The number of bugs in each vulnerability category is listed below:The above numbers do not include a critical Microsoft Dynamics 365 Sales elevation of privileges flaw and 10 Microsoft Edge vulnerabilities fixed on February 6.To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5051987 & KB5051989 cumulative updates and the Windows 10 KB5051974 update.This month’s Patch Tuesday fixes two actively exploited and two publicly exposed zero-day vulnerabilities.Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.The actively exploited zero-day vulnerability in today’s updates are:CVE-2025-21391 – Windows Storage Elevation of Privilege VulnerabilityMicrosoft has fixed an actively exploited elevation of privileges vulnerability that can be used to delete files.”An attacker would only be able to delete targeted files on a system,” reads Microsoft’s advisory.”This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable,” continued Microsoft.No information has been released about how this flaw was exploited in attacks and who disclosed it.CVE-2025-21418 – Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityThe second actively exploited vulnerability allows threat actors to gain SYSTEM privileges in Windows.It is unknown how it was used in attacks, and Microsoft says this flaw was disclosed anonymously.The publicly disclosed zero-days are:CVE-2025-21194 – Microsoft Surface Security Feature Bypass VulnerabilityMicrosoft says that this flaw is a hypervisor vulnerability that allows attacks to bypass UEFI and compromise the secure kernel.”This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine,” explains Microsoft’s advisory.”On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.”Microsoft says that Francisco Falcón and Iván Arce of Quarkslab discovered the vulnerability.While Microsoft did not share many details about the flaw, it is likely connected to the PixieFail flaws disclosed by the researchers last month. PixieFail is a set of nine vulnerabilities that impact the IPv6 network protocol stack of Tianocore’s EDK II, which is used by Microsoft Surface and the company’s hypervisor products.CVE-2025-21377 – NTLM Hash Disclosure Spoofing VulnerabilityMicrosoft fixed a publicly disclosed bug that exposes a Window user’s NTLM hashes, allowing a remote attacker to potentially log in as the user.”Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.” explains Microsoft’s advisory.While Microsoft has not shared many details about the flaw, it likely acts like other NTLM hash disclosure flaws, where simply interacting with a file rather than opening it could cause Windows to remotely connect to a remote share. When doing so, an NTLM negotiation passes the user’s NTLM hash to the remote server, which the attacker can collect.These NTLM hashes can then be cracked to get the plain-text password or used in pass-the-hash attacks.Microsoft says this flaw was discovered by Owen Cheung, Ivan Sheung, and Vincent Yau with Cathay Pacific, Yorick Koster of Securify B.V., and Blaz Satler with 0patch by ACROS Security.Other vendors who released updates or advisories in February 2025 include:Below is the complete list of resolved vulnerabilities in the February 2025 Patch Tuesday updates.To access the full description of each vulnerability and the systems it affects, you can view the full report here.Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flawsWindows 10 KB5051974 update force installs new Microsoft Outlook appWindows 10 KB5049981 update released with new BYOVD blocklistWindows 10 KB5048652 update fixes new motherboard activation bugMicrosoft shares workaround for Windows security update issuesNot a member yet? Register NowFortinet discloses second firewall auth bypass patched in JanuaryApple fixes zero-day exploited in ‘extremely sophisticated’ attacksWindows 10 KB5051974 update force installs new Microsoft Outlook appRDP Security Simplified – No VPN, No Firewall Exposure. Get a free TruGrid business trial.Password health-check overdue? Audit your Active Directory for freeRequest your complimentary data risk assessment for AWSRDP Security Simplified – No VPN, No Firewall Exposure. Get a free TruGrid business trial.Get the GOAT Guide to learn how to start validating, start defending, and start winning.Terms of Use – Privacy Policy – Ethics Statement – Affiliate DisclosureCopyright @ 2003 – 2025 Bleeping Computer® LLC – All Rights ReservedNot a member yet? Register NowRead our posting guidelinese to learn what content is prohibited.
