“February 2025 Patch Tuesday: Updates and Fixes for Microsoft Users”
Microsoft issues security updates for Windows, fixing 56 vulnerabilities including two zero-day flaws. Updates to address critical issues in Windows operating systems and supported software.
“
Microsoft has rolled out a series of security updates to address a total of 56 vulnerabilities across their Windows operating systems and various software products. Among these are two zero-day flaws that are currently being actively exploited by cyber attackers.
One of the critical vulnerabilities being patched, known as CVE-2025-21418, is a buffer overflow flaw affecting all supported Windows operating systems. This vulnerability is particularly concerning as Microsoft has confirmed that it is being exploited in the wild, with low attack complexity and no user interaction required.
Tenable’s senior staff research engineer, Satnam Narang, highlighted the history of similar elevation of privilege vulnerabilities in Windows components, emphasizing the potential risks associated with these security flaws. Another zero-day, CVE-2025-21391, enables attackers to delete files on a targeted system, posing a serious threat to user data and system integrity.
Rapid7’s lead software engineer, Adam Barnett, raised concerns about the impact of these vulnerabilities, warning that arbitrary file deletion can potentially lead to severe security breaches if exploited by skilled attackers. Microsoft has also addressed another disclosed vulnerability, CVE-2025-21377, which allows attackers to elevate their privileges on a compromised Windows system.
In addition to Microsoft’s security updates, other tech giants like Apple and Adobe have released patches for vulnerabilities in their offerings. Apple’s iOS 18.3.1 update fixes a zero-day vulnerability that has been exploited by attackers, while Adobe has addressed 45 vulnerabilities in various software products.
Furthermore, Google Chrome’s latest update will trigger updates for Chromium-based browsers like Microsoft Edge, underlining the importance of staying vigilant and updating all software to mitigate security risks. As cyber threats continue to evolve, it is essential for users to prioritize security updates and adopt best practices to safeguard their digital assets.
Published on: 2025-02-12 04:58:00 | Author: BrianKrebs
