Microsoft’s February Security Update: Fewer Vulnerabilities, But Still a Priority

Microsoft’s February security update contains fewer vulnerabilities for administrators to address compared to a month ago, but there are still several critical flaws that require immediate attention.

Top Security Concerns

  • Two Zero-Day Vulnerabilities: Attackers are actively exploiting two zero-day vulnerabilities in the wild, CVE-2025-21418 (CVSS score 7.8) and CVE-2025-21391 (CVSS 7.1). These vulnerabilities can be exploited to gain SYSTEM-level privileges on affected systems.
  • Zero-Day Patch: Microsoft has released a patch for a previously disclosed zero-day vulnerability (CVE-2025-21376) in December 2024.
  • Common Vulnerabilities and Exposures (CVEs): The update addresses 63 unique CVEs, including several that can have severe consequences for affected organizations.

CVEs and Their Severity

  • CVE-2025-21418: A local exploit vulnerability that allows attackers to disable security tooling, dump credentials, or move laterally across the network.
  • CVE-2025-21391: A Windows Storage zero-day vulnerability that can be exploited to delete targeted files on a system.
  • CVE-2025-21377: An NTLM hash disclosure spoofing vulnerability that can be exploited to steal NTLM credentials.

Critical Flaws

  • CVE-2025-21379: A remote code execution (RCE) vulnerability in the DHCP client service (CVSS Score 7.1).
  • CVE-2025-21177: A privilege elevation vulnerability in Microsoft Dynamics 365 Sales (CVSS Score 8.7).
  • CVE-2025-21381: An RCE vulnerability in Microsoft Excel (CVSS 7.8).
  • CVE-2025-21376: An RCE vulnerability in Windows LDAP (CVSS 8.1).

Impact and Recommendations

  • Organizations: Treat CVE-2025-21377 as a high-priority bug that needs immediate attention. Even with a patch available, the vulnerability can be exploited to steal NTLM credentials.
  • Administrators: Apply patches for CVE-2025-21418, CVE-2025-21391, and CVE-2025-21379 immediately.
  • Customers: Take note of the CAR (customer action required) attribute in CVE-2025-21177, which means no customer action is required because Microsoft has already addressed the issue on its end.

Security Researchers’ Insights

  • Kev Breen: Senior director, cyber threat research at Immersive Labs, emphasizes the importance of addressing CVE-2025-21377 and CVE-2025-21418.
  • Natalie Silva: Lead cyber security engineer at Immersive Labs, highlights the risk of CVE-2025-21391, which can be exploited to delete targeted files on a system.
  • Tyler Reguly: Associate director security R&D at Fortra, notes that the update should be issued outside of Patch Tuesday since it does not require customer action.
