Microsoft has released its February 2025 Patch Tuesday cumulative update, addressing a total of 55 security vulnerabilities in Windows, including four zero-day bugs, two of which are actively exploited in the wild. Users are urged to apply the fix promptly due to the critical nature of these vulnerabilities. The exploited zero-day flaws, CVE-2025-21391 and CVE-2025-21418, allow threat actors to delete files and gain SYSTEM privileges in Windows. Microsoft has not disclosed specific details regarding how these vulnerabilities are being exploited.
The Patch Tuesday update fixes several classes of security issue, including Elevation of Privilege, Security Feature Bypass, Remote Code Execution, Information Disclosure, Denial of Service, and Spoofing vulnerabilities. The two other zero-day vulnerabilities, CVE-2025-21194 and CVE-2025-21377, involve a UEFI bypass and NTLM Hash Disclosure Spoofing.
Apart from the Windows update, Microsoft also addressed security flaws in the Edge browser and a critical elevation of privilege bug in Dynamics 365 Sales in separate patches. Users are advised to stay vigilant and apply all necessary updates to secure their systems effectively.