Microsoft has just released its February 2025 Patch Tuesday security updates. This is a monthly update for Windows that includes all the security patches and stability fixes Microsoft has made since the previous release. But just because these updates don't have any new features for users, that doesn't mean they're not important.
According to Bleeping Computer, this latest Patch Tuesday update fixes 55 security flaws across Windows, including 22 remote code execution flaws, 19 admin privilege flaws, 9 denial of service flaws, 3 spoofing flaws, 2 security feature bypass flaws, and 1 information disclosure flaw.
Bugs that Microsoft fixed in its latest Patch Tuesday update
While all 55 bugs are worth addressing, four of them are particularly important, and patching two of them is even more important. That’s because four of them are zero-day vulnerabilities, publicly available security flaws that don’t have a patch available. Bad guys will inevitably figure out how to exploit them, but it’s important that software developers discover and fix them before hackers have a chance to learn what they are. When vulnerabilities are discovered before a fix is available, the likelihood of a vulnerability spreading before a patch can be created increases dramatically.
In this case, four such vulnerabilities were fixed in this latest Patch Tuesday update. Two of them are not actively exploited—at least not yet, Microsoft claims. One is CVE-2025-21194, a Microsoft Surface security feature bypass vulnerability that can bypass the Unified Extensible Firmware Interface (UEFI) and compromise both the virtualization manager and the security kernel of specific machines. In simple terms, this vulnerability can allow bad actors to compromise the program that powers virtual machines on Windows as well as the operating system core.
The other publicly known vulnerability is CVE-2025-21377, an NTLM hash disclosure spoofing vulnerability that allows an attacker to access your computer's NTLM hash to extract your plaintext password. With this particular vulnerability, a user could simply select, right-click, or interact with a malicious file to trigger the exploit, which could then allow the attacker to log in to the machine as the user. Microsoft has been relatively quiet about this vulnerability.
However, two other zero-day vulnerabilities in this update have actually been actively exploited. These include CVE-2025-21391, a Windows storage vulnerability that allows attackers to delete targeted files on a user's computer. Microsoft has clarified that this vulnerability does not allow attackers to view your sensitive information, but the ability to delete files means that attackers can disrupt many parts of the system. The second zero-day vulnerability that is actively exploited is CVE-2025-21418, a vulnerability that allows attackers to gain system privileges in Windows. Microsoft has not shared how attackers exploit these vulnerabilities, keeping the identities of the people who discovered them secret.
While we don’t know the full extent of these last two zero-day vulnerabilities, it’s important to update and patch them as soon as possible. Since they’re being actively exploited, there’s a chance someone could use them against you unless you install the patch.
How to install the latest security updates on Windows
To protect your PC, install the latest Patch Tuesday update as soon as possible. To do so, go to Start > Settings > Windows Update , then select Check for Windows updates .
Over time, you'll learn to quickly spot the warning signs of a VPN. If your VPN shows any of these signs, quickly abandon it before installing it.
Number formats determine how numbers are displayed, including your choice of decimal separator (such as a period or comma) and thousands separator. Here's how to change the number format in Windows 11.
If you suspect that someone is accessing and using your computer without permission, you can apply some of the tricks below to check the computer's on/off history, view recent activities on the computer to confirm and reaffirm that.
Windows 10 allows users to change the default web browser on the system in an extremely flexible and simple way.
Users can change and edit settings in Action Center to suit their needs.
Turning off applications you don't need is the most effective way to help your Windows computer boot faster.
There are many reasons why your laptop cannot connect to WiFi and therefore there are many ways to fix the error. If your laptop cannot connect to WiFi, you can try the following ways to fix this problem.
The Windows Taskbar suddenly disappears and is hidden behind other windows that are open on the screen. You can refer to some solutions below to fix the error of the Taskbar being hidden when the application is maximized.
Some of the PowerToys features work so smoothly that you'll forget they weren't always part of Windows.
Users can adjust and change the size of the icons on the Taskbar to be smaller or larger, depending on each person's needs.
Changing the wallpaper in Windows 11 is one of the best ways to customize your desktop.
In this article, Quantrimang will guide you through some ways to fix the error of Windows computers automatically restarting when pressing the shutdown button.
Have you ever booted another operating system alongside Windows? Dual booting is a great way to try out new operating systems without compromising your version of Windows. You can choose between operating system versions using the built-in boot manager.
Dual monitor setups are becoming more common these days. Multitasking on one screen is too limiting.
Windows has powerful built-in command line troubleshooting tools. The Windows Maintenance Tool simplifies things by consolidating these tools into one easy-to-use menu.
