Microsoft Patch Tuesday (Feb 2025): 61 Vulnerabilities, 25 RCE, 3 Zero-Day

Home/Internet Security, Microsoft, RCE Flaw, Security Advisory, Security Update, vulnerability, Zero Day Attack/Microsoft Patch Tuesday (Feb 2025): 61 Vulnerabilities, 25 RCE, 3 Zero-Day

Microsoft Patch Tuesday (Feb 2025): 61 Vulnerabilities, 25 RCE, 3 Zero-Day

Microsoft’s February 2025 Patch Tuesday fixes multiple vulnerabilities, including critical RCE and privilege escalation flaws. Users and organizations should update immediately to stay protected.

All about the vulnerability

The February update addressed:

  • 25 Remote Code Execution flaws
  • 14 Elevation of Privilege vulnerabilities
  • 6 Denial of Service issues
  • 4 Security Feature Bypass flaws
  • 2 Spoofing vulnerabilities
  • 1 Information Disclosure vulnerability

Microsoft Patch Tuesday – February 2025

This update addresses 61+ vulnerabilities, including critical and important flaws:

Critical Vulnerabilities:

  • CVE-2025-21376: Remote code execution via LDAP protocol.
  • CVE-2025-21379: RCE risk via crafted DHCP packets.
  • CVE-2025-21381, 21386, 21387: Excel vulnerabilities allowing code execution via malicious files.
  • CVE-2025-21406, 21407: RCE vulnerabilities in Windows Telephony Service.

Exploited in the Wild:

  • CVE-2023-24932: Secure Boot bypass risk.
  • CVE-2025-21391: Elevated privileges for attackers.
  • CVE-2025-21418: SYSTEM privileges gained via exploit.

Other Notable Fixes:

  • Visual Studio RCE (CVE-2025-21176, 21178): Immediate updates needed for RCE risks.
  • Azure Network Watcher Elevation of Privilege (CVE-2025-21188): Update for Azure cloud admins.
  • Microsoft Office RCE (CVE-2025-21392, 21397): Fix for Office document exploit risks.

Here’s a table of 61 vulnerabilities addressed in Microsoft’s February 2025 Patch Tuesday, based on the provided data and search results.

CVE IDTitleImpactSeverityExploited
CVE-2025-21376Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityRemote Code ExecutionCriticalNo
CVE-2025-21379DHCP Client Service Remote Code Execution VulnerabilityRemote Code ExecutionCriticalNo
CVE-2025-21381Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCriticalNo
CVE-2023-24932Secure Boot Security Feature Bypass VulnerabilitySecurity Feature BypassImportantYes
CVE-2025-21176.NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21178Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21172.NET and Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21188Azure Network Watcher VM Extension Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21206Visual Studio Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21351Windows Active Directory Domain Services API Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21352Internet Connection Sharing (ICS) Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21368Microsoft Digest Authentication Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21369Microsoft Digest Authentication Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21375Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21383Microsoft Excel Information Disclosure VulnerabilityInformation DisclosureImportantNo
CVE-2025-21182Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21183Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21391Windows Storage Elevation of Privilege VulnerabilityElevation of PrivilegeImportantYes
CVE-2025-21418Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of PrivilegeImportantYes
CVE-2025-21419Windows Setup Files Cleanup Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21420Windows Disk Cleanup Tool Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2023-32002Node.js Module._load() Policy Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-24036Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-24039Visual Studio Code Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21259Microsoft Outlook Spoofing VulnerabilitySpoofingImportantNo
CVE-2025-21194Microsoft Surface Security Feature Bypass VulnerabilitySecurity Feature BypassImportantNo
CVE-2025-21208Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21406Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21407Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21410Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21190Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21200Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21201Windows Telephony Server Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21198Microsoft High Performance Compute (HPC) Pack Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21337Windows NTFS Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21347Windows Deployment Services Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21349Windows Remote Desktop Configuration Service Tampering VulnerabilityTamperingImportantNo
CVE-2025-21350Windows Kerberos Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21358Windows Core Messaging Elevation of Privileges VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21359Windows Kernel Security Feature Bypass VulnerabilitySecurity Feature BypassImportantNo
CVE-2025-21367Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21371Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21377NTLM Hash Disclosure Spoofing VulnerabilitySpoofingImportantNo
CVE-2025-21386Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21387Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21390Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21392Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21394Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21397Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21400Microsoft SharePoint Server Remote Code Execution VulnerabilityRemote Code ExecutionImportantNo
CVE-2025-21179DHCP Client Service Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21181Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21184Windows Core Messaging Elevation of Privileges VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21212Internet Connection Sharing (ICS) Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21216Internet Connection Sharing (ICS) Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21254Internet Connection Sharing (ICS) Denial of Service VulnerabilityDenial of ServiceImportantNo
CVE-2025-21322Microsoft PC Manager Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21414Windows Core Messaging Elevation of Privileges VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-21373Windows Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo
CVE-2025-24042Visual Studio Code JS Debug Extension Elevation of Privilege VulnerabilityElevation of PrivilegeImportantNo

With two vulnerabilities actively exploited, delaying updates could leave systems vulnerable to threats.

Microsoft stresses the need to install the latest servicing stack updates (ADV990001) for smooth patch deployment.

How to Update:

  • Windows Update: Go to Settings > Update & Security > Windows Update.
  • Microsoft Update Catalog: Download individual patches for offline installation.
  • WSUS: For enterprise environments.

The February 2025 Patch Tuesday highlights the growing complexity of cybersecurity threats. IT teams must act quickly to deploy these critical patches and stay vigilant against phishing and other exploits targeting unpatched systems.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

Post Views: 183
By | 2025-02-14T04:12:42+05:30 February 11th, 2025|Internet Security, Microsoft, RCE Flaw, Security Advisory, Security Update, vulnerability, Zero Day Attack|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!