Microsoft’s February 2025 Patch Tuesday update addresses 55 security flaws in Windows, including 22 remote code execution flaws, 19 privilege elevation flaws, and more.
Among these, four were zero-day vulnerabilities—critical flaws exposed before a patch was available.
Key Zero-Day Flaws Fixed
- CVE-2025-21194: A Surface security feature bypass vulnerability that could compromise virtual machine management and the core of your OS.
- CVE-2025-21377: An NTLM hash disclosure spoofing flaw allowing hackers to access plain-text passwords with minimal user interaction.
Two flaws were actively exploited:
- CVE-2025-21391: A Windows storage elevation of privilege flaw allowing file deletion.
- CVE-2025-21418: An elevation of privilege flaw that enables attackers to gain system-level access.
Why It’s Critical to Update Now
These zero-days have been exploited in the wild. Immediate patching is essential to prevent potential attacks.
How to Install the Latest Updates
To install the update:
- Go to Start > Settings > Windows Update
- Click Check for updates and install the latest security fixes.