Microsoft Monthly Security Updates - 20250212001¶
Overview¶
Microsoft has released security updates to address 63 vulnerabilities in multiple products, 2 of which have been labeled as exploitation detected.
What is vulnerable?¶
Critical Severity¶
| Product(s) Affected | CVE | CVSS | Severity |
|---|---|---|---|
| Vendor listed products and versions | CVE-2025-21198 | 9.0 | Critical |
Known Exploitation¶
| Product(s) Affected | CVE | CVSS | Severity |
|---|---|---|---|
| Vendor listed products and versions | CVE-2025-21391 | 7.1 | High |
| Vendor listed products and versions | CVE-2025-21418 | 7.8 | High |
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):
- Microsoft February 2025 Security Updates: https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb
Additional References¶
- CISA Known Exploited Vulnerabilities: https://www.cisa.gov/news-events/alerts/2025/02/11/cisa-adds-four-known-exploited-vulnerabilities-catalog
- BleepingCompuuter: https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2025-patch-tuesday-fixes-4-zero-days-55-flaws/
- SecurityOnline: https://securityonline.info/microsoft-patches-actively-exploited-zero-day-flaws-cve-2025-21418-cve-2025-21391/