Microsoft’s February 2025 Patch Tuesday delivered fixes for 55 vulnerabilities, including four zero-days. Among these, two flaws—already exploited in active attacks—target Windows Core Messaging and NTFS, highlighting the growing urgency for organizations to keep their systems updated.
These updates also address vulnerabilities in Azure and other widely used Microsoft services, underscoring the company’s ongoing battle against escalating cyber threats. The full details of the vulnerabilities are available in Microsoft’s Security Update Guide.
The February patch cycle demonstrates the increasing speed at which attackers exploit unpatched systems. “Customers are strongly encouraged to install these updates immediately,” Microsoft stated in its advisory.
This proactive stance is crucial as organizations face challenges in securing hybrid environments and critical infrastructure against a rapidly evolving threat landscape.
Zero-Days Exploited Before the Patch Release
Two of the four zero-days patched this month were actively exploited in the wild. The first, CVE-2025-21184, involves Windows Core Messaging, a key subsystem responsible for facilitating communication between applications and the operating system.
Exploiting this flaw allows attackers to escalate privileges, giving them unauthorized access to sensitive resources within the system. The vulnerability has already been leveraged in targeted attacks, according to Microsoft’s advisory.
The second exploited zero-day, CVE-2025-21337, affects NTFS, the file system used in all modern versions of Windows. By exploiting this vulnerability, attackers can elevate privileges and potentially access critical system data.
NTFS is a core component of Windows, responsible for managing file storage and retrieval, making this flaw especially concerning for enterprise users.
These vulnerabilities were actively exploited before the patches were available, raising the stakes for organizations with unpatched systems. To mitigate risks, Microsoft has issued detailed guidance in its advisory, urging administrators to prioritize these updates. These patches continue the focus on resolving zero-day vulnerabilities, a recurring theme in recent Patch Tuesday updates.
Cloud and Enterprise Vulnerabilities in Focus
Azure Network Watcher, Microsoft’s cloud monitoring and diagnostic tool, was also patched in this release. The vulnerability, CVE-2025-21188, allowed privilege escalation within hybrid cloud environments.
Although no active exploitation was reported, the potential impact of such a flaw in cloud infrastructure highlights the importance of securing hybrid setups. Businesses relying on Microsoft’s cloud offerings should ensure these updates are implemented without delay.
Another vulnerability patched this month, CVE-2025-21198, affects the High-Performance Compute (HPC) Pack for Linux nodes, commonly used in hybrid cloud systems.
This elevation-of-privilege flaw underscores the risks associated with managing multi-cloud environments, particularly as businesses continue to integrate diverse platforms into their IT strategies.
Microsoft Office and Edge: Widespread Tools, Critical Risks
Beyond zero-days and cloud vulnerabilities, the February update addressed security flaws in widely used Microsoft applications. Among the most notable is CVE-2025-21381, a remote code execution (RCE) vulnerability in Microsoft Excel.
Attackers exploiting this flaw can use malicious spreadsheet files to execute unauthorized commands on a victim’s system. Given Excel’s ubiquity in enterprise environments, this vulnerability poses a significant risk to business operations and sensitive data.
Microsoft Edge, the company’s Chromium-based browser, was also included in the patch cycle. The updates fixed several security issues, including RCE vulnerabilities and spoofing flaws that could allow attackers to bypass security features or execute malicious code via compromised websites. These fixes are part of Microsoft’s ongoing efforts to enhance browser security, particularly as Edge plays an increasingly central role in enterprise IT ecosystems.
Strengthening Core Windows Components
Microsoft also addressed vulnerabilities in foundational components of the Windows operating system. The Resilient File System (ReFS), often used for data deduplication and advanced storage scenarios, received a critical patch to prevent unauthorized access.
Similarly, flaws in Windows DHCP Server and Internet Connection Sharing (ICS) services were fixed, reducing the risk of denial-of-service (DoS) attacks and other network disruptions.
In addition, vulnerabilities in Core Messaging and the Windows Kernel, including CVE-2025-21359 and CVE-2025-21358, were resolved. While these issues have not yet been exploited, they could allow attackers to bypass security protections if left unaddressed.
The scope of this month’s updates underscores a growing challenge for enterprises: securing interconnected systems that span on-premises, cloud, and hybrid environments. As attackers increasingly target multi-platform ecosystems, Microsoft’s patches address risks across its product lineup, from widely used tools like Excel to enterprise infrastructure components like HPC Pack.
Real-world examples highlight the risks of delayed patching. In recent months, attackers have exploited similar vulnerabilities to deliver ransomware, compromise sensitive data, and disrupt critical services.
Complete List of Microsoft February 2025 Security Updates
Product | CVE ID | CVE Title | Severity |
Microsoft Dynamics 365 Sales | CVE-2025-21177 | Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability | Critical |
Microsoft Office Excel | CVE-2025-21381 | Microsoft Excel Remote Code Execution Vulnerability | Critical |
Windows DHCP Server | CVE-2025-21379 | DHCP Client Service Remote Code Execution Vulnerability | Critical |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-21376 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
Active Directory Domain Services | CVE-2025-21351 | Windows Active Directory Domain Services API Denial of Service Vulnerability | Important |
Azure Network Watcher | CVE-2025-21188 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important |
Microsoft AutoUpdate (MAU) | CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
Microsoft Digest Authentication | CVE-2025-21368 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Important |
Microsoft Digest Authentication | CVE-2025-21369 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-21279 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-21342 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-21283 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-21408 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
Microsoft High Performance Compute Pack (HPC) Linux Node Agent | CVE-2025-21198 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-21392 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-21397 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21394 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21383 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21390 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21386 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-21387 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2025-21400 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft PC Manager | CVE-2025-21322 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2025-21375 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Surface | CVE-2025-21194 | Microsoft Surface Security Feature Bypass Vulnerability | Important |
Microsoft Windows | CVE-2025-21337 | Windows NTFS Elevation of Privilege Vulnerability | Important |
Open Source Software | CVE-2023-32002 | HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability | Important |
Outlook for Android | CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability | Important |
Visual Studio | CVE-2025-21206 | Visual Studio Installer Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2025-24039 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2025-24042 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows CoreMessaging | CVE-2025-21358 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
Windows CoreMessaging | CVE-2025-21184 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
Windows DHCP Client | CVE-2025-21179 | DHCP Client Service Denial of Service Vulnerability | Important |
Windows Disk Cleanup Tool | CVE-2025-21420 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | Important |
Windows DWM Core Library | CVE-2025-21414 | Windows Core Messaging Elevation of Privileges Vulnerability | Important |
Windows Installer | CVE-2025-21373 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2025-21216 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2025-21212 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2025-21352 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2025-21254 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Kerberos | CVE-2025-21350 | Windows Kerberos Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2025-21359 | Windows Kernel Security Feature Bypass Vulnerability | Important |
Windows Message Queuing | CVE-2025-21181 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
Windows NTLM | CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
Windows Remote Desktop Services | CVE-2025-21349 | Windows Remote Desktop Configuration Service Tampering Vulnerability | Important |
Windows Resilient File System (ReFS) Deduplication Service | CVE-2025-21183 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | Important |
Windows Resilient File System (ReFS) Deduplication Service | CVE-2025-21182 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-21410 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-21208 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Setup Files Cleanup | CVE-2025-21419 | Windows Setup Files Cleanup Elevation of Privilege Vulnerability | Important |
Windows Storage | CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows Telephony Server | CVE-2025-21201 | Windows Telephony Server Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21407 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21406 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21200 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21371 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2025-21190 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Update Stack | CVE-2025-21347 | Windows Deployment Services Denial of Service Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2025-21367 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-21267 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2025-21404 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge for iOS and Android | CVE-2025-21253 | Microsoft Edge for IOS and Android Spoofing Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2025-0445 | Chromium: CVE-2025-0445 Use after free in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-0451 | Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-0444 | Chromium: CVE-2025-0444 Use after free in Skia | Unknown |