Microsoft’s February Patch Tuesday Fixes Four Zero-Day Vulnerabilities

Fix these Windows issues ASAP.
February 17, 2025 / meritsolutions

Each month, Microsoft releases its “Patch Tuesday” update, which contains security patches for bugs and security vulnerabilities in Windows. For February’s Patch Tuesday update, Microsoft fixed 55 flaws, including, notably, four zero-day vulnerabilities.

As we’ve covered in the past, zero-day vulnerabilities are particularly dangerous, as they are flaws that are publicly disclosed or actively exploited before a company is able to issue a patch. In this case, there are patches for four zero-days, two of which were actively exploited. The other two flaws were simply known about, but Microsoft is not aware of any bad actors exploiting them in the wild.

The two actively exploited flaws are as follows, per Microsoft’s security updates report:

  • CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.
  • CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Now, let’s take a look at what Microsoft says about the two publicly disclosed zero-day vulnerabilities:

  • CVE-2025-21194: Microsoft Surface Security Feature Bypass Vulnerability. This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel. Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine.
  • CVE-2025-21377: NTLM Hash Disclosure Spoofing Vulnerability. This vulnerability discloses a user’s NTLMv2 hash to the attacker who could use this to authenticate as the user. Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.

These four zero-days are now officially patched, as are the other 51 flaws Microsoft names in this update. To make sure your PC is protected, install the latest security patch from Start -> Settings -> Update & Security -> Windows Update.
