Microsoft Addresses 55 Security Vulnerabilities in this Month's Updates

In a significant security update, Microsoft has released patches to address 55 vulnerabilities as part of its February 2025 Patch Tuesday. The update includes fixes for a wide range of products, from Microsoft Office and Windows to Azure services and various drivers.

Remote code execution (RCE) vulnerabilities accounted for 38.2% of the vulnerabilities patched this month, while elevation of privilege (EoP) vulnerabilities accounted for 34.5%. Two of these vulnerabilities were exploited in the wild before being patched.

One of the most notable vulnerabilities addressed in this update is CVE-2025-21418, an EoP vulnerability in the Windows Ancillary Function Driver (afd.sys) that interfaces with the Windows Sockets API (WinSock). This vulnerability, though unconfirmed, may have also been exploited by the APT38 group in 2025. In 2024, another EoP vulnerability, CVE-2024-38193, was exploited in the wild as a zero day and was reportedly used by the Lazarus Group (North Korean APT) to implant a new version of the FudModule rootkit.

CVE-2025-21418 was exploited in the wild before being patched. Another EoP flaw, CVE-2025-21391, is an elevation of privilege flaw in the way Windows handles file storage. Like CVE-2025-21418, CVE-2025-21391 was also exploited in the wild before being patched.

Since 2022, there have been nine elevation of privilege vulnerabilities in the Ancillary Function Driver for WinSock, with three each year. In 2025, all five zero days exploited in the wild as part of Patch Tuesday were elevation of privilege flaws.

The update also includes patches for various other components, such as Active Directory Domain Services, Azure Active Directory, Azure Firmware, Azure Network Watcher, Microsoft AutoUpdate (MAU), Microsoft Digest Authentication, Microsoft High Performance Compute Pack (HPC) Linux Node Agent, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft PC Manager, Microsoft Streaming Service, Microsoft Surface, Microsoft Windows, Outlook for Android, Visual Studio, Visual Studio Code, Windows Ancillary Function Driver for WinSock, Windows CoreMessaging, Windows DHCP Client, Windows DHCP Server, Windows DWM Core Library, Windows Disk Cleanup Tool, Windows Installer, Windows Internet Connection Sharing (ICS), Windows Kerberos, Windows Kernel, Windows LDAP - Lightweight Directory Access Protocol, Windows Message Queuing, Windows NTLM, Windows Remote Desktop Services, Windows Resilient File System (ReFS) Deduplication Service, Windows Routing and Remote Access Service (RRAS), Windows Setup Files Cleanup, Windows Storage, Windows Telephony Server, Windows Telephony Service, Windows Update Stack, Windows Win32 Kernel Subsystem.

It's worth noting that a vulnerability reported by HackerOne was not included in the tally of vulnerabilities patched this month by Microsoft.

In conclusion, the February 2025 Patch Tuesday update addresses a significant number of vulnerabilities, with a focus on EoP and RCE vulnerabilities. Users are strongly advised to apply these updates as soon as possible to protect their systems from potential threats.