Microsoft fixes 63 vulnerabilities, including 2 zero-days | CyberScoop<\/title> <meta name=\"description\" content=\"The company\u2019s monthly Patch Tuesday update comes with more than two-thirds of the patches closing high-severity flaws.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-february-2025\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft fixes 63 vulnerabilities, including 2 zero-days\"> <meta property=\"og:description\" content=\"The company\u2019s monthly Patch Tuesday update comes with more than two-thirds of the patches closing high-severity flaws.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-february-2025\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-02-11T22:38:33+00:00\"> <meta property=\"article:modified_time\" content=\"2025-02-11T22:38:36+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1211\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736472017g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1739308213g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=5e4722b3d0055288d011\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83475\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83475\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-february-2025%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-february-2025%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83475 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-february-2025\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.334608030593\">\n<div class=\"single-article__header-content\" readability=\"33.809523809524\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-february-2025\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The company\u2019s monthly Patch Tuesday update comes with more than two-thirds of the patches closing high-severity flaws. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83475\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"404\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days.jpg?resize=640%2C404&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=300,189 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=768,484 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=1024,646 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=1536,969 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=600,378 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=266,168 266w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=534,337 534w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=1070,675 1070w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-2.jpg?resize=1337,843 1337w\" sizes=\"(max-width: 1070px) 100vw, 1070px\"><figcaption> The Microsoft logo is visible through a grid of its French headquarters on Jan. 25, 2023 in Issy-les-Moulineaux. (Photo by Chesnot\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"48.423235092529\"><body readability=\"97.339837810441\"><\/p>\n<p>Microsoft patched 63 vulnerabilities affecting some of its underlying systems and core products, the company said in its latest security update Tuesday, including Microsoft Excel, Microsoft Office, Windows CoreMessaging and Windows Storage.<\/p>\n<p>More than two-thirds of the vulnerabilities <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Feb\">covered in the update<\/a> are high-severity flaws on the CVSS scale. Vulnerabilities with high-severity base scores run across multiple Microsoft systems, impacting Windows Telephony Service, Windows Ancillary Function Driver, Microsoft Dynamics 365 Sales and other key services.<\/p>\n<p>The vendor\u2019s monthly batch of patches addresses two actively exploited zero-day vulnerabilities: privilege escalation flaws in Windows Storage, tracked as <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21391\">CVE-2025-21391<\/a>, and Windows Ancillary Function Driver for WinSock, tracked as <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21418\">CVE-2025-21418<\/a>.<\/p>\n<p>The actively exploited vulnerability in Windows Storage, an improper link resolution before file access defect with a CVSS score of 7.1, allows an attacker to delete targeted files on a system. Microsoft said the vulnerability doesn\u2019t put confidential data at risk, but noted it could allow an attacker to delete data, rendering the service inoperable.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Attackers who combine CVE-2025-21391 exploits with other vulnerabilities could escalate privileges and cause more severe damage, according to Mike Walters, president and co-founder of Action1.<\/p>\n<p>\u201cLarge organizations with numerous Windows systems are at significant risk due to the widespread use of Windows Storage features,\u201d Walters said in an email. \u201cGiven the ubiquity of Windows operating systems in business environments, potentially millions of organizations worldwide could be at risk. The actual number depends on Windows version adoption rates and existing security measures.\u201d<\/p>\n<p>The second zero-day addressed by Microsoft, a heap-based overflow vulnerability impacting Windows Ancillary Function Driver for WinSock, allows an attacker to gain system privileges and carries a CVSS score of 7.8.<\/p>\n<p>Adam Barnett, lead software engineer at Rapid7, said in an email that organizations have used the Windows Ancillary Function Driver for foundational networking functionality for decades, effectively as a kernel driver that interacts with large amounts of user-supplied input.<\/p>\n<p>\u201cMicrosoft is aware of existing exploitation in the wild, and with low attack complexity, low privilege requirements, and no requirement for user interaction, CVE-2025-21418 is one to prioritize for patching,\u201d Barnett told CyberScoop.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft designated nine of the vulnerabilities addressed in the security update as \u201cmore likely\u201d to be exploited. The majority of those defects carry high-severity scores on the CVSS scale, including <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21400\">CVE-2025-21400<\/a>, a remote-code execution flaw in Microsoft SharePoint Server, and a pair of privilege escalation vulnerabilities in Windows CoreMessaging, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21184\">CVE-2025-21184<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21358\">CVE-2025-21358<\/a>.<\/p>\n<p>\u201cMicrosoft\u2019s exploitability likelihood rating is somewhat opaque, but to add more context about the nine vulnerabilities labeled likely to be exploited, we know that they all had low or no privileges required to exploit, and two of them had public exploit code available,\u201d Jackson Rolf, security analyst at Censys, said in an email to CyberScoop.<\/p>\n<p>Rolf noted that six of the vulnerabilities addressed by Microsoft this month are remote-code execution flaws impacting the Windows Telephony Service. The group of flaws carry low attack complexity and don\u2019t require privileges for exploitation, he added.<\/p>\n<p>The sole critical-severity vulnerability covered in Microsoft\u2019s security update, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21198\">CVE-2025-21198<\/a>, is a remote-code execution flaw impacting the Linux agent in Microsoft High Performance Compute clusters. It requires an attacker to have access to the network connected to the targeted cluster or Linux compute node.<\/p>\n<p>The full list of vulnerabilities addressed this month is available in <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Feb\">Microsoft\u2019s Security Response Center<\/a>.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.1127906976744\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/microsoft-fixes-63-vulnerabilities-including-2-zero-days-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-february-2025\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft fixes 63 vulnerabilities, including 2 zero-days | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,625,2660,643],"tags":[86,630,2662,645],"class_list":["post-7287","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-microsoft","category-patch-tuesday","category-vulnerabilities","tag-cybersecurity","tag-microsoft","tag-patch-tuesday","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patch-tuesday\/\" rel=\"category tag\">Patch Tuesday<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7287","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7287"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7287\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7287,"date":"2025-02-11T16:38:33","date_gmt":"2025-02-11T22:38:33","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83475"},"modified":"2025-02-11T16:38:33","modified_gmt":"2025-02-11T22:38:33","slug":"microsoft-fixes-63-vulnerabilities-including-2-zero-days","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/11\/microsoft-fixes-63-vulnerabilities-including-2-zero-days\/","title":{"rendered":"Microsoft fixes 63 vulnerabilities, including 2 zero-days"},"content":{"rendered":"