Microsoft has released its February update, which includes the elimination of three critical vulnerabilities associated with remote code execution. The update addresses a total of 19 privilege escalation vulnerabilities, 22 remote code execution vulnerabilities, 9 denial of service vulnerabilities, and several other security issues.
One of the actively exploited zero-day vulnerabilities, known as CVE-2025-21391, allowed attackers to delete files in the Windows storage system. While Microsoft experts confirmed that this vulnerability did not result in a leak of confidential information, it could be used to delete data and disrupt services.
Another actively exploited vulnerability, CVE-2025-21418, impacted the Windows auxiliary functions for Windows WinSock and enabled attackers to gain system-level privileges. Microsoft anonymously disclosed this vulnerability, and details about its use in attacks remain unknown.
Among the publicly disclosed vulnerabilities is a security issue affecting Microsoft Surface, known as CVE-2025-21194, which allows attackers to bypass UEFI security and compromise the protected core. This vulnerability was discovered by researchers Francisco Falcon and Ivan Arsa from Quarkslab.
Another publicly disclosed vulnerability, CVE-2025-21377, allowed attackers to obtain NTLM users in Windows with minimal interaction with a malicious file, such as clicking a mouse or accessing the context menu. This vulnerability was identified by specialists from Cathay Pacific and Securify B.V.
Security is a continual battle between developers and attackers. Each update released by Microsoft not only corrects errors but also protects data and ensures the stability of millions of devices. Ignoring these patches gives hackers an opportunity to exploit vulnerabilities.