Summary
Microsoft has released monthly security updates that address a total of 66 new vulnerabilities, 4 of which are 0-day vulnerabilities.
Note: CVE-2025-21420 is being actively exploited online.
Note: A Proof of Concept (PoC) for exploiting CVE-2025-21420 is available online.
Note: The vendor states that exploits for CVE-2025-21194 e CVE-2025-21377 are available online.
Note: The vendor states that CVE-2025-21391 e CVE-2025-21418 are being actively exploited online.
Risk
Estimate of impact of vulnerability on the reference community: Critical (76.66)
Typology
- Security Feature Bypass
- Spoofing
- Information Disclosure
- Tampering
- Elevation of Privilege
- Remote Code Execution
- Denial of Service
Affected products and/or versions
- Active Directory Domain Services
- Azure Network Watcher
- Microsoft AutoUpdate (MAU)
- Microsoft Digest Authentication
- Microsoft Dynamics 365 Sales
- Microsoft Edge (Chromium-based)
- Microsoft Edge for iOS and Android
- Microsoft High Performance Compute Pack (HPC) Linux Node Agent
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft PC Manager
- Microsoft Streaming Service
- Microsoft Surface
- Microsoft Windows
- Outlook for Android
- Visual Studio
- Visual Studio Code
- Windows Ancillary Function Driver for WinSock
- Windows CoreMessaging
- Windows DHCP Client
- Windows DHCP Server
- Windows Disk Cleanup Tool
- Windows DWM Core Library
- Windows Installer
- Windows Internet Connection Sharing (ICS)
- Windows Kerberos
- Windows Kernel
- Windows LDAP – Lightweight Directory Access Protocol
- Windows Message Queuing
- Windows NTLM
- Windows Remote Desktop Services
- Windows Resilient File System (ReFS) Deduplication Service
- Windows Routing and Remote Access Service (RRAS)
- Windows Setup Files Cleanup
- Windows Storage
- Windows Telephony Server
- Windows Telephony Service
- Windows Update Stack
- Windows Win32 Kernel Subsystem
Mitigation Actions
In line with vendor statements, it is recommended to update impacted products through the appropriate Windows Update function.
References
https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb
https://msrc.microsoft.com/update-guide
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
