![CVE-2025-21391](https://securityexpress.info/wp-content/uploads/2025/02/November-Patch.webp)
Microsoft has released its February security update, addressing 55 vulnerabilities across its products. Four of them are zero-day flaws, two of which have been actively exploited by threat actors.
This month’s patch also resolves three critical vulnerabilities related to remote code execution. The update includes fixes for 19 privilege escalation vulnerabilities, 22 remote code execution flaws, 9 denial-of-service issues, and several other security concerns.
One of the actively exploited zero-day vulnerabilities (CVE-2025-21391) allowed attackers to delete files within Windows storage systems. According to Microsoft specialists, while this flaw did not lead to data leaks, it could be leveraged to erase critical files and disrupt services.
The second actively exploited vulnerability (CVE-2025-21418) affected the Windows Ancillary Function Driver for WinSock and enabled attackers to escalate privileges to SYSTEM level. This flaw was disclosed to Microsoft anonymously, and details regarding its exploitation remain unknown.
Among the publicly disclosed vulnerabilities is a security flaw in Microsoft Surface devices (CVE-2025-21194) that enables attackers to bypass UEFI protections and compromise the Secure Kernel. This vulnerability was discovered by security researchers Francisco Falcon and Ivan Arce from Quarkslab.
Another publicly disclosed flaw (CVE-2025-21377) allowed attackers to extract NTLM hashes of Windows users. Exploiting this vulnerability required minimal user interaction—simply clicking on a malicious file or opening its context menu was sufficient to trigger the exploit. This flaw was identified by security experts from Cathay Pacific and Securify B.V.
Cybersecurity is not a static state but a continuous race between developers and adversaries. Each update is more than just a bug fix—it is a crucial measure to safeguard data and ensure the stability of millions of devices. Ignoring these patches is tantamount to granting hackers an opportunity to exploit vulnerabilities.