We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

February’s Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical

February 13, 2025

In a continued effort to bolster security, Microsoft has rolled out a substantial patch addressing 63 vulnerabilities, following last month’s update that remedied 159 security flaws. This latest release categorizes vulnerabilities by severity, including critical, important, moderate, and low levels.

Critical Vulnerabilities Requiring Attention

Among the most pressing issues are three critical vulnerabilities—CVE-2025-21376, CVE-2025-21379, and CVE-2025-21381—that necessitate user action. Each of these flaws is classified as a Remote Code Execution (RCE) vulnerability, which could enable attackers to gain unauthorized remote access to a victim’s computer.

  • CVE-2025-21381: This vulnerability is particularly concerning as it can be exploited when an attacker deceives a victim into downloading a malicious file from a compromised website. If successful, the attacker can execute arbitrary code on the victim’s system.
  • CVE-2025-21379: This flaw addresses a potential Man-in-the-Middle (MitM) attack, where attackers could infiltrate a victim’s network, manipulate communications, steal sensitive data, or deploy malware.
  • CVE-2025-21376: Affecting the Windows Lightweight Directory Access Protocol (LDAP), this vulnerability allows an attacker to send a malicious request that could lead to remote control of systems utilizing Active Directory.
Already exploited: CVE-2025-21391 and CVE-2025-21418

Additionally, Microsoft has addressed two zero-day vulnerabilities—CVE-2025-21391 and CVE-2025-21418—that were already under active exploitation. CVE-2025-21391 permits attackers to bypass access controls, potentially allowing them to delete files on the targeted system. Conversely, CVE-2025-21418 enables attackers to gain system privileges, which could facilitate the configuration of settings or management of user accounts. The specific methods employed by hackers to exploit these vulnerabilities remain undisclosed, as does the identity of the security experts who reported them.

Other notable vulnerabilities patched include:

  • CVE-2025-21194: A hypervisor vulnerability that could allow attackers to bypass UEFI and compromise the kernel.
  • CVE-2025-21377: This flaw could expose Windows users’ NTLM hashes, enabling remote attackers to impersonate users and gain system access.
  • CVE-2025-21198: Although not labeled as “critical,” this vulnerability has a high CVSS score of 9.0 and poses a significant threat. It affects Microsoft’s High-Performance Computing (HPC) systems, allowing attackers to gain complete control through a malicious web request, potentially leading to compromised data or misuse of HPC resources.

While some vulnerabilities may seem less likely to be exploited, they still pose a risk that should not be underestimated. To safeguard your system, it is imperative to update Windows. To initiate a quick update, press the Windows key + I to open Settings, navigate to “Windows Update,” and follow the on-screen instructions.

Winsage
February's Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical