Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)

On February 11, Microsoft released its February 2025 Patch Tuesday release which patched 55 CVEs with three rated as critical and 52 rated as important.

Of the 55 CVEs patched this month, there were four zero-days, including two that were exploited in the wild (CVE-2025-21418 and CVE-2025-21391) and two that were publicly disclosed (CVE-2025-21194 and CVE-2025-21377) prior to a patches being made available.

This month’s update includes patches for:

• Active Directory Domain Services
• Azure Active Directory
• Azure Firmware
• Azure Network Watcher
• Microsoft AutoUpdate (MAU)
• Microsoft Digest Authentication
• Microsoft High Performance Compute Pack (HPC) Linux Node Agent
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft PC Manager
• Microsoft Streaming Service
• Microsoft Surface
• Microsoft Windows
• Outlook for Android
• Visual Studio
• Visual Studio Code
• Windows Ancillary Function Driver for WinSock
• Windows CoreMessaging
• Windows DHCP Client
• Windows DHCP Server
• Windows DWM Core Library
• Windows Disk Cleanup Tool
• Windows Installer
• Windows Internet Connection Sharing (ICS)
• Windows Kerberos
• Windows Kernel
• Windows LDAP - Lightweight Directory Access Protocol
• Windows Message Queuing
• Windows NTLM
• Windows Remote Desktop Services
• Windows Resilient File System (ReFS) Deduplication Service
• Windows Routing and Remote Access Service (RRAS)
• Windows Setup Files Cleanup
• Windows Storage
• Windows Telephony Server
• Windows Telephony Service
• Windows Update Stack
• Windows Win32 Kernel Subsystem

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.