The monthly release is relatively light, with some mobile updates or fixes that have already been applied server-side and should not be a concern for administrators, said Tyler Reguly, associate director of Security R&D at global cybersecurity software and services provider Fortra. Another vulnerability only affects Microsoft Surface hardware.
February update patches two exploited vulnerabilities
The two exploited vulnerabilities are:
- CVE-2025-21391, a Windows Storage flaw that could let a threat actor delete files.
- CVE-2025-21418, a privilege escalation flaw in the Windows Ancillary Function Driver for WinSock.
“While both vulnerabilities are considered Important by Microsoft and have CVSS scores in the 7.x range, I would treat the Windows Ancillary Function Driver for WinSock vulnerability as critical when it comes to patching, considering it has seen active exploitation,” said Reguly in an email to TechRepublic.
Vulnerabilities have been found in the Windows Ancillary Function Driver for WinSock nine times since 2022, including cases attributed to a North Korea-sponsored advanced persistent threat group, pointed out Tenable Senior Staff Research Engineer Satnam Narang in a comment on KrebsOnSecurity.
“The root cause is inadequate validation of user-supplied input, allowing low-privileged users to send specially crafted data that overflows the buffer,” wrote Mike Walters, president and co-founder of patch management company Action1, in a blog post.
No user interaction is required to patch either of the exploited vulnerabilities.
CVE-2025-21391, the zero-day Windows Storage flaw, stems from the way Windows resolves file paths and follows links, Walters said. File deletion is just the beginning of the problems it can cause, as it can lead to privilege escalation, unauthorized access to security logs or configurations, malware injection, data manipulation or other attacks.
“With a CVSS score of 7.1, the CVSS metrics indicate that this vulnerability does not affect confidentiality, so no sensitive data can be obtained,” said Kev Breen, senior director of threat research at cybersecurity platform maker Immersive, in an email to TechRepublic. “However, it can seriously affect data integrity and availability.”
One vulnerability scores CVSS 9.0
The highest CVSS score addressed in the February patch batch belongs to CVE-2025-21198, rated at 9.0. This CVE could let a threat actor perform a remote attack against a Linux agent in High Performance Computing clusters. However, it only works if the attacker already has access to the network to which the cluster is attached.
“This network requirement should limit the impact of what would otherwise be a more serious vulnerability,” Regular said.
Microsoft patches spoofing bug affecting all client and server versions
CVE-2025-21377 was already publicly disclosed, but the patch is rolling out today. With this vulnerability, a threat actor could reveal a user’s NTLMv2 hash, which lets the attacker assume the user’s identity. Walters said that any organization that uses Windows systems that are not solely dependent on Kerberos for authentication is at risk.
CVE-2025-21377 is “another CVE to patch sooner rather than later,” Breen said.
“The user does not have to open or run the executable; simply viewing the file in Explorer may be enough to trigger the vulnerability,” Breen said. “This specific vulnerability is known as an NTLM relay or pass-the-hash attack, and this attack style is a favorite of threat actors as it allows them to impersonate users in the network.”
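Since exposure depends on whether NTLM is still accepted alongside Kerberos, a practical check is to see which accounts and hosts still log on with NTLM. The sketch below is an added example, not from the article: it assumes Security-log 4624 (logon) events exported as XML under a single root element, and the sample events are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample data: four 4624 logon events, reduced to the fields used here.
TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>4624</EventID></System><EventData>"
    '<Data Name="TargetUserName">{user}</Data>'
    '<Data Name="AuthenticationPackageName">{pkg}</Data>'
    '<Data Name="LmPackageName">{lm}</Data>'
    '<Data Name="IpAddress">{ip}</Data>'
    "</EventData></Event>"
)
SAMPLE = "<Events>" + "".join(TEMPLATE.format(**r) for r in [
    dict(user="alice", pkg="Kerberos", lm="-", ip="10.0.0.5"),
    dict(user="bob", pkg="NTLM", lm="NTLM V2", ip="10.0.0.9"),
    dict(user="svc-scan", pkg="NTLM", lm="NTLM V1", ip="10.0.0.77"),
    dict(user="bob", pkg="NTLM", lm="NTLM V2", ip="10.0.0.9"),
]) + "</Events>"


def ntlm_logons(xml_text):
    """Return (user, source_ip, lm_package) for each 4624 logon that used NTLM."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        if data.get("AuthenticationPackageName", "").strip().upper() == "NTLM":
            hits.append((data.get("TargetUserName"), data.get("IpAddress"),
                         data.get("LmPackageName")))
    return hits


def summarize(xml_text):
    """Count NTLM logons per (user, source) so remaining NTLM dependencies stand out."""
    return Counter((user, ip) for user, ip, _ in ntlm_logons(xml_text))
```

Accounts and sources that appear in the summary are the ones that would need to move to Kerberos before NTLM can be restricted.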
Finally, Ben McCarthy, lead cyber security engineer at Immersive, pointed out CVE-2025-21381, a vulnerability that allows for remote code execution in Excel.
“Excel vulnerabilities are particularly dangerous because Excel macros and embedded scripts have historically been an important attack vector for APT groups, ransomware operators and financial fraud campaigns that often circumvent traditional security defenses,” McCarthy said.
Other major patches across vendors
As Walters pointed out, Chrome 131 recently landed and brought patches for several memory vulnerabilities. None of the vulnerabilities that Google identified has been exploited. Apple has also begun to roll out iOS 18.3.1, which includes a fix for a physical attack that may have been exploited against specific individuals. Ivanti recommended that administrators look for updates from Google Chrome and Microsoft Edge this week.
“Browsers are a primary target for attackers to target users,” Chris Goettl, vice president of product management for security products at IT software company Ivanti, wrote in a blog post. “Although it is recommended to include browsers in your monthly update process, it leaves a lot of CVEs exposed between cycles. It is recommended to move browsers to a weekly priority update cadence.”
Last but not least, Adobe released updates to InDesign, Photoshop Elements, Illustrator and more.