Microsoft has released its highly anticipated Patch Tuesday security updates for February 2025, addressing a wide range of vulnerabilities across its products and services.
This month’s release includes fixes for critical remote code execution (RCE) vulnerabilities, elevation of privilege flaws, and other security issues that attackers could potentially exploit.
Organizations and users are urged to apply these updates promptly to safeguard their systems.
Vulnerability Breakdown
The February update included fixes for:
- 25 Remote Code Execution vulnerabilities
- 14 Elevation of Privilege vulnerabilities
- 6 Denial of Service vulnerabilities
- 4 Security Feature Bypass vulnerabilities
- 2 Spoofing vulnerabilities
- 1 Information Disclosure vulnerability
Microsoft Patch Tuesday, February 2025
This month’s update addresses over 61 vulnerabilities, including critical and important issues. The most notable fixes include:
Critical Vulnerabilities
CVE-2025-21376 – This critical vulnerability could allow attackers to execute arbitrary code remotely by exploiting the LDAP protocol. Organizations relying on LDAP services are strongly advised to prioritize this update.
CVE-2025-21379 – A flaw in the DHCP client service could enable attackers to compromise systems via specially crafted network packets. This vulnerability is classified as critical due to its potential for remote exploitation.
CVE-2025-21381, CVE-2025-21386, CVE-2025-21387 – Multiple vulnerabilities in Microsoft Excel could allow malicious actors to execute code by convincing users to open specially crafted files.
CVE-2025-21406, CVE-2025-21407 – These vulnerabilities affect the Windows Telephony Service and could be exploited remotely to execute arbitrary code.
Exploited in the Wild
Two vulnerabilities patched this month have been confirmed as actively exploited:
CVE-2023-24932 – An attacker could bypass Secure Boot protections, potentially compromising the integrity of boot processes.
CVE-2025-21391 – This vulnerability allows attackers to gain elevated privileges on affected systems.
CVE-2025-21418 – An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Other Notable Fixes
- Visual Studio Remote Code Execution (CVE-2025-21176, CVE-2025-21178): Developers using Visual Studio should apply these updates immediately to mitigate potential RCE risks.
- Azure Network Watcher VM Extension Elevation of Privilege (CVE-2025-21188): Cloud administrators are advised to address this vulnerability impacting Azure environments.
- Microsoft Office RCE Vulnerabilities (CVE-2025-21392, CVE-2025-21397): These flaws could be exploited via malicious Office documents.
Many of the vulnerabilities addressed this month have a high impact, including remote code execution and elevation of privilege flaws that could allow attackers to take control of affected systems or escalate their access within networks.
Here’s a structured table of 61 vulnerabilities addressed in Microsoft’s February 2025 Patch Tuesday.
CVE ID | Title | Impact | Severity | Exploited |
---|---|---|---|---|
CVE-2025-21376 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution | Critical | No |
CVE-2025-21379 | DHCP Client Service Remote Code Execution Vulnerability | Remote Code Execution | Critical | No |
CVE-2025-21381 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Critical | No |
CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important | Yes |
CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21188 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21206 | Visual Studio Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21351 | Windows Active Directory Domain Services API Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21352 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21368 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21369 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21375 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21383 | Microsoft Excel Information Disclosure Vulnerability | Information Disclosure | Important | No |
CVE-2025-21182 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21183 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Yes |
CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Yes |
CVE-2025-21419 | Windows Setup Files Cleanup Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21420 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2023-32002 | Node.js Module._load() Policy Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-24039 | Visual Studio Code Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability | Spoofing | Important | No |
CVE-2025-21194 | Microsoft Surface Security Feature Bypass Vulnerability | Security Feature Bypass | Important | No |
CVE-2025-21208 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21406 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21407 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21410 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21190 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21200 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21201 | Windows Telephony Server Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21198 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21337 | Windows NTFS Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21347 | Windows Deployment Services Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21349 | Windows Remote Desktop Configuration Service Tampering Vulnerability | Tampering | Important | No |
CVE-2025-21350 | Windows Kerberos Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21358 | Windows Core Messaging Elevation of Privileges Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21359 | Windows Kernel Security Feature Bypass Vulnerability | Security Feature Bypass | Important | No |
CVE-2025-21367 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21371 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability | Spoofing | Important | No |
CVE-2025-21386 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21387 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21390 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21392 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21394 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21397 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21400 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Important | No |
CVE-2025-21179 | DHCP Client Service Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21181 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21184 | Windows Core Messaging Elevation of Privileges Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21212 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21216 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21254 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Denial of Service | Important | No |
CVE-2025-21322 | Microsoft PC Manager Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21414 | Windows Core Messaging Elevation of Privileges Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-21373 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
CVE-2025-24042 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No |
With two vulnerabilities already being exploited in the wild, delaying updates could leave systems exposed to active threats.
Microsoft has also emphasized the importance of installing the latest servicing stack updates (ADV990001) to ensure smooth deployment of security patches.
How to Update
Users and administrators can apply these updates via:
- Windows Update: Navigate to Settings > Update & Security > Windows Update and check for updates.
- Microsoft Update Catalog: Download individual patches for offline installation.
- WSUS (Windows Server Update Services): For enterprise environments that manage updates centrally.
Microsoft’s February 2025 Patch Tuesday underscores the growing complexity of cybersecurity threats facing organizations today.
The critical nature of several vulnerabilities makes it imperative for IT teams to act swiftly in deploying these fixes. As always, users are encouraged to remain vigilant against phishing attempts and other attack vectors that might exploit unpatched systems.