Microsoft's February 2025 Patch Tuesday Fixes 4 Zero-Days and 63 Vulnerabilities

Critical updates address actively exploited flaws, including privilege escalation and remote code execution risks, alongside patches from other major vendors.

Microsoft released 63 security updates for February 2025, including fixes for four zero-day vulnerabilities, two of which are actively exploited.
Critical vulnerabilities patched include CVE-2025-21198, a remote code execution flaw affecting high-performance computing clusters, and CVE-2025-21381, an Excel vulnerability enabling arbitrary code execution.
Actively exploited zero-days include CVE-2025-21418, allowing SYSTEM privilege escalation, and CVE-2025-21391, enabling attackers to delete targeted files on Windows systems.
Publicly disclosed vulnerabilities include a Surface hypervisor security bypass (CVE-2025-21194) and an NTLM hash disclosure flaw (CVE-2025-21377) that could enable remote login attempts.
Other major vendors, including Adobe, Fortinet, and SAP, also issued critical updates, with Adobe addressing 45 vulnerabilities and Fortinet patching a 9.6-rated authentication bypass flaw in FortiOS.