Today part of the February 2025 patch Tuesday, Microsoft released a bunch of security updates for its products and services, to resolve various vulnerabilities and bugs. February 2025 Patch Tuesday update, addressed 63 security vulnerabilities including three critical vulnerabilities, and four zero-day vulnerabilities, two of which have been actively exploited in attacks and two publicly disclosed. It also addresses a series of other bugs related to performance and usability. These updates are important and install as soon as possible to protect your device from potential attacks and exploits. Let’s look at the highlights of the Microsoft Patch Tuesday update in February 2025 for Windows 11 and Windows 10.
What is Patch Tuesday Update?
Microsoft Patch Tuesday Update, the colloquial term for Microsoft’s Update Tuesday falls on the second Tuesday of every month, and brings security updates to fix vulnerabilities or recent bugs.
A vulnerability is a weakness or flaw in a software or hardware component that an attacker could exploit to gain unauthorized access, execute malicious code, or cause damage or disruption. A bug is an error or defect in a software or hardware component that could cause it to malfunction or behave unexpectedly.
A security update is a software patch that fixes or mitigates one or more vulnerabilities or bugs.
A security update can have different ratings depending on the severity and impact of the vulnerability or bug it addresses. Microsoft uses four ratings: critical, important, moderate, and low.
- The critical update fixes a vulnerability that could allow an attacker to take complete control of a system without user interaction.
- An Important update fixes a vulnerability that could compromise data or functionality but require user interaction or specific conditions.
- Moderate update fixes a vulnerability that is unlikely to be exploited, but could still have some impact.
- A Low update fixes a vulnerability that is very unlikely to be exploited and has minimal impact.
Microsoft Patch Tuesday update February 2025
The February 2025 Patch Tuesday includes 67 security updates, including three critical Remote Code Execution vulnerabilities (As it allows privilege elevation, spoofing, or remote code execution) and four zero-day vulnerabilities, with two actively exploited in attacks. The critical updates affect Windows, Internet Explorer, Edge, Office, SharePoint, Exchange, and Azure DevOps Server.
As per the release notes, the February 2025 Microsoft Patch Tuesday Update fixed 19 Elevation of Privilege security issues, 2 Security Feature Bypass Vulnerabilities, 22 Remote Code Execution bugs, 1 Information Disclosure vulnerability, 9 Denial of Service Vulnerabilities, and 3 spoofing vulnerabilities.
Also, Microsoft discloses four zero-day vulnerabilities, two of which have been actively exploited in attacks and two publicly disclosed.
Microsoft’s February 2025 Patch Tuesday, which includes security updates for a total of 63 flaws.
Four zero-day vulnerabilities Patched
CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability:
Windows Storage is the system that manages how your computer stores data, including features like Storage Spaces. This vulnerability is an “elevation of privilege” issue. While it doesn’t let attackers see your private data, it could allow them to delete data or make the storage system unavailable. Imagine someone being able to erase files or even corrupt your entire drive – that’s the kind of risk this patch addresses.
CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability:
This is a more serious issue. WinSock is a core part of Windows networking, and its “Ancillary Function Driver” helps applications talk to the network. This vulnerability is also an elevation of privilege issue, but this time, exploiting it could give an attacker “SYSTEM” privileges. SYSTEM is the highest level of access on a Windows machine. Someone with SYSTEM privileges can do virtually anything – install software, change settings, access any file, and even take complete control of the computer.
CVE-2025-21377: NTLM Hash Disclosure Spoofing Vulnerability:
NTLM hashes are like digital fingerprints of your Windows password. They’re used to authenticate you when you log in or access network resources. This vulnerability could let an attacker steal your NTLMv2 hash. If they get this hash, they could potentially “spoof” your identity, meaning they could pretend to be you and access resources as if they were you. This is a serious risk because it could give attackers access to sensitive data or allow them to perform actions as another user.
CVE-2025-21194: Microsoft Surface Security Feature Bypass Vulnerability:
This vulnerability specifically affects Microsoft Surface devices. It’s a “security feature bypass,” meaning it could allow an attacker to circumvent some security measures built into Surface hardware. However, there’s a significant catch: the attacker needs to already be on a restricted network to exploit this vulnerability. This means the risk is higher for Surface devices used in environments with restricted network access, like corporate offices.
Three Critical Severity Vulnerability Patched
Microsoft’s February Patch Tuesday also resolved several critical vulnerabilities across various Windows components.
CVE-2025-21379: DHCP Client Service Remote Code Execution Vulnerability:
DHCP is what gives your devices their IP addresses and other network settings. This vulnerability in the DHCP client (the software on your computer) could be exploited in a “machine-in-the-middle” (MITM) attack. However, the attacker must be on the same local network as the victim. Think of it like this: someone on your Wi-Fi network or connected to the same network switch could try to exploit this, but someone across the internet could not. Successful exploitation would allow remote code execution.
LDAP is often used in companies to manage user information and authentication. This vulnerability is a remote code execution issue, but it’s more complex to exploit. The attacker has to win a “race condition,” which means they have to send a specially crafted request at just the right moment. If they succeed, it could lead to a buffer overflow and allow them to run code remotely on the vulnerable LDAP server. This is a significant risk in enterprise environments.
CVE-2025-21381: Microsoft Excel Remote Code Execution Vulnerability:
This is a remote code execution vulnerability in Microsoft Excel. If exploited successfully, an attacker could run code on the victim’s computer when they open a specially crafted Excel file. This type of vulnerability is often used in phishing attacks, where malicious files are disguised as legitimate documents.
Update for Windows client versions
February 2025 (Patch Tuesday) Windows security updates are the following:
- KB5051987 (OS Build 26100.3194) for the latest Windows 11 version 24H2
- KB5051989 (22621.4890 and 22631.4890) for the latest Windows 11 version 23H2/22H2
- KB5051974 (OS Build 19045.5487) for the latest Windows 10 version 22H2/21H2
- KB5052000 (OS Build 17763.6893) for the latest Windows 10 version 1809
All these updates only include minor patches and security fixes, rather than any new features.
Note: Windows 11 was released with several new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to Windows 11 for free.
Windows 11 KB5051987, KB5051989 and Windows 10 KB5051974 address security issues for your Windows operating system, including improved previews for apps on the taskbar, a new Windows Studio Effects icon in the system tray area, new Outlook for Windows client, and more. In addition, these releases update the list of drivers at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
Download the Microsoft Security Update
To download and install the updates, users can use Windows Update, Microsoft Update Catalog, or other tools such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).
Usually, security updates are automatically downloaded and installed via Windows update. Or you can force Windows update from settings, Windows update, and check for updates to download and install the latest patch updates immediately.
Microsoft has published download links for Windows update offline installers if you prefer manual installation over Windows Update.
- Windows 11 KB5051987 (Version 24H2) offline installer Direct Download Link 64-bit.
- Windows 11 KB5051989 (Version 23H2/22H2) offline installer Direct Download Link 64-bit.
- Windows 10 KB5051974 (For versions 22H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).
Windows 10 KB5050008 (for version 1809) Offline Download links
If you are Looking for Windows 10 version 22H2 ISO image, click here.
Or Check How to Upgrade to Windows 11 version 24H2 Using the media creation tool.
If you face any difficulty while installing these updates, Check the Windows 11 Update troubleshooting guide to fix the Windows 11 update KB5051987 stuck downloading, failed to install with different errors, etc.
FAQ on Patch Tuesday update
What is Patch Tuesday?
- Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month.
When is Patch Tuesday?
- Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on March 11, 2025.
What is patching and why is it important?
- Patches are nothing but pieces of software code that are written to fix a bug in a software application that might lead to a vulnerability.
What kind of patch updates are released during Patch Tuesday?
- Predominantly security patch updates of varying severity like Critical, Important, Moderate and low are labelled and released.
What are CVE IDs?
- CVE ID – Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and catalogued in the National Vulnerability Database (NVD).
Also Read
- Complete Review of Microsoft Windows 10 Operating system
- Solved: Microsoft Edge not working after the Windows 10 update
- can’t connect securely to this page ie11 or edge Windows 10
- Windows 10 Stuck Preparing Automatic Repair? Here is how to fix
- Everything About IP (Internet Protocol) Address – Purpose to Benefits explained