February's Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical

Following last month's update which addressed 159 security flaws, Microsoft has released another significant patch, this time fixing 63 vulnerabilities of varying severity (critical, important, moderate, and low). Three critical vulnerabilities requiring user action are CVE-2025-21376, CVE-2025-21379, and CVE-2025-21381. All three are Remote Code Execution (RCE) flaws, meaning they could allow attackers to remotely access and control a victim's computer.

CVE-2025-21381 is exploited when an attacker tricks a victim into downloading a malicious file from a compromised website. Successful exploitation allows the attacker to execute arbitrary code on the victim's system.

CVE-2025-21379 resolves a potential Man-in-the-Middle (MitM) attack. If exploited, the vulnerability allows attackers to forcefully inject themselves into a victim's network. This could be done to alter communication, steal sensitive information, or install malware through the network.

The CVE-2025- 21376 vulnerability affects the Windows Lightweight Directory Access Protocol (LDAP). An attacker could exploit the vulnerability by sending a malicious request designed to take advantage of the flaw and, if successful, allow them to remotely take control of systems utilizing Active Directory.


Additionally, Microsoft patched two zero-day vulnerabilities, CVE-2025-21391 and CVE-2025-21418, which were already being actively exploited. CVE-2025-21391 allows attackers to bypass access controls and gain control over a system. The vulnerability can also allow an attacker to delete certain files on the targeted computer. On the other hand, CVE-2025-21418 allows attackers to gain system privileges which may allow bad actors to configure settings or manage user accounts. Microsoft did not reveal the hacker's mode of operation while exploiting these vulnerabilities, and the identity of security experts who discovered and reported these vulnerabilities was also not revealed.

Other flaws that were fixed include CVE-2025-21194, a hypervisor vulnerability that could enable attackers to bypass UEFI and compromise the kernel, and CVE-2025-21377, which could expose Windows users' NTLM hashes allowing a remote attacker to impersonate the user and gain access to the system.

CVE-2025-21198, while not designated "critical," carries a high CVSS score of 9.0 and presents a serious threat. This vulnerability in Microsoft's High-Performance computing (HPC) systems could allow attackers to gain complete control by sending a malicious web request. This could lead to compromised data or malicious use of HPC resources.

Although some of these vulnerabilities are considered less likely to be exploited, that doesn't mean they pose no risk. Therefore, action is required. To protect your system you need to update Windows. To quickly run Windows update, press the Windows key + I to open Settings, click "Windows Update," and following the on-screen instructions.