Microsoft has just released its February 2025 Patch Tuesday security updates. This is a monthly update for Windows that includes all the security patches and stability fixes Microsoft has made since the previous release. But just because these updates don't have any new features for users, that doesn't mean they're not important.
According to Bleeping Computer, this latest Patch Tuesday update fixes 55 security flaws across Windows, including 22 remote code execution flaws, 19 admin privilege flaws, 9 denial of service flaws, 3 spoofing flaws, 2 security feature bypass flaws, and 1 information disclosure flaw.
Bugs that Microsoft fixed in its latest Patch Tuesday update
While all 55 bugs are worth addressing, four of them are particularly important, and patching two of them is even more important. That’s because four of them are zero-day vulnerabilities, publicly available security flaws that don’t have a patch available. Bad guys will inevitably figure out how to exploit them, but it’s important that software developers discover and fix them before hackers have a chance to learn what they are. When vulnerabilities are discovered before a fix is available, the likelihood of a vulnerability spreading before a patch can be created increases dramatically.
In this case, four such vulnerabilities were fixed in this latest Patch Tuesday update. Two of them are not actively exploited—at least not yet, Microsoft claims. One is CVE-2025-21194, a Microsoft Surface security feature bypass vulnerability that can bypass the Unified Extensible Firmware Interface (UEFI) and compromise both the virtualization manager and the security kernel of specific machines. In simple terms, this vulnerability can allow bad actors to compromise the program that powers virtual machines on Windows as well as the operating system core.
The other publicly known vulnerability is CVE-2025-21377, an NTLM hash disclosure spoofing vulnerability that allows an attacker to access your computer's NTLM hash to extract your plaintext password. With this particular vulnerability, a user could simply select, right-click, or interact with a malicious file to trigger the exploit, which could then allow the attacker to log in to the machine as the user. Microsoft has been relatively quiet about this vulnerability.
However, two other zero-day vulnerabilities in this update have actually been actively exploited. These include CVE-2025-21391, a Windows storage vulnerability that allows attackers to delete targeted files on a user's computer. Microsoft has clarified that this vulnerability does not allow attackers to view your sensitive information, but the ability to delete files means that attackers can disrupt many parts of the system. The second zero-day vulnerability that is actively exploited is CVE-2025-21418, a vulnerability that allows attackers to gain system privileges in Windows. Microsoft has not shared how attackers exploit these vulnerabilities, keeping the identities of the people who discovered them secret.
While we don’t know the full extent of these last two zero-day vulnerabilities, it’s important to update and patch them as soon as possible. Since they’re being actively exploited, there’s a chance someone could use them against you unless you install the patch.
How to install the latest security updates on Windows
To protect your PC, install the latest Patch Tuesday update as soon as possible. To do so, go to Start > Settings > Windows Update , then select Check for Windows updates .
Turning off a few of these services can save you a significant amount of battery life without affecting your daily usage.
From performance monitoring to quick system tweaking, these built-in utilities are as useful as ever.
Error code 0x80004005 is a type of unknown Windows error, whose cause is related to a number of different issues.
If you can't find the Bluetooth icon on the taskbar, follow the steps below to show the missing Bluetooth icon on Taskbar in Windows 10.
Clearing the NVIDIA Shader Cache will reset the system, forcing it to rebuild with new data. Here are instructions for clearing the NVIDIA Shader Cache.
Unlocking USB ports in BIOS is not difficult. However, how to lock computer USB ports? Let's find out with Quantrimang.com!
Being blocked online can be frustrating, whether it's a forum lockout, a game ban, or a temporary IP restriction. The good news is that you don't always need a VPN to get around these restrictions.
When your computer crashes, seeing how everything is running can help you troubleshoot. And when everything is working, this information can also help you optimize your system.
Windows laptops aren't known for their battery life, at least not without some tweaking. But these tips will help your laptop last all day without having to find a power outlet.
Windows 10/11 includes a hidden Administrator account that you can use to manage all the important data on your computer. Let's see how to enable or disable the built-in Administrator account on Windows 10/11!
System Service Exception or SYSTEM_SERVICE_EXCEPTION is one of the BSOD errors (blue screen of death errors). System Service Exceptions errors occur quite commonly and continuously.
In the following article, we will present the basic operations to recover deleted data in Windows 7 with the support tool Recuva Portable. With Recuva Portable, you can store it in any convenient USB, and use it whenever needed. The tool is compact, simple, easy to use with some of the following features:
CCleaner scans for duplicate files in just a few minutes, then lets you decide which ones are safe to delete.
Windows doesn't come with security set up by default, which means there are some default settings you need to change.
USB devices have become indispensable in everyday life, allowing us to connect a wide variety of essential hardware to our PCs.
