
You Should Install This Windows Security Patch Right Away

Microsoft just dropped its Patch Tuesday security update for February 2025. This is a monthly update for Windows that includes all of the security patches and stability fixes Microsoft has been working on since the last release. But just because these updates arrive without any new user-facing features, that doesn’t mean they’re not just as important—if not more so.

As reported by Bleeping Computer, this latest Patch Tuesday update fixes 55 security flaws throughout Windows. That includes 22 remote code execution flaws, 19 elevation of privilege flaws, nine denial of service flaws, three spoofing flaws, two security feature bypass flaws, and one information disclosure flaw.

Here’s what Microsoft fixed with its latest Patch Tuesday update

While all 55 flaws were worth addressing, four of them were particularly essential to fix—and patching two of those was even more vital. That’s because four of these flaws were zero-day vulnerabilities, security flaws that are publicly known without an available patch. That’s a recipe for disaster: Bad actors will inevitably discover ways to exploit security flaws, but the key is for software developers to discover and fix those flaws before bad actors even have a chance to know what those flaws are. When flaws are discovered before a fix is available, it sharply increases the chances of an exploit being developed before a patch can be created.

In this case, there were four such vulnerabilities fixed in this latest Patch Tuesday update. Two of these have not been actively exploited—at least, Microsoft says they haven’t. One is CVE-2025-21194, a Microsoft Surface security feature bypass vulnerability that could make it possible to bypass the Unified Extensible Firmware Interface (UEFI) and compromise both the hypervisor and secure kernel of specific machines. Plainly speaking, the flaw could allow bad actors to compromise the program powering virtual machines on Windows, as well as the core of your OS.

The other publicly disclosed flaw was CVE-2025-21377, an NTLM hash disclosure spoofing vulnerability, which allows bad actors to access your computer’s NTLM hash to obtain your plain-text password. With this particular flaw, a user might only need to select, right-click, or interact with a malicious file in order to trigger the exploit, which could then let a hacker log into the machine as the user. Microsoft is staying pretty silent about this one.

However, the other two zero-day flaws patched in this update were, in fact, actively exploited. That includes CVE-2025-21391, a Windows storage elevation of privilege vulnerability that allowed bad actors to delete targeted files on your computer. Microsoft clarified the flaw does not allow bad actors to see your confidential information, but being able to delete files means attackers could break parts of your system. The second actively exploited zero-day flaw was CVE-2025-21418, an elevation of privilege vulnerability that allowed bad actors to gain system privileges in Windows. Microsoft did not share how either of these flaws was exploited by bad actors, and is keeping the identities of those who discovered them anonymous.

While we don’t know the full scope of these last two zero-days, it’s important to update and patch them ASAP. As they are actively being exploited, it’s possible someone could use them against your computer unless you install the patch.

How to install the latest security updates on Windows

To protect your PC, install this latest Patch Tuesday update as soon as possible. To do so, head to Start > Settings > Windows Update, then choose Check for Windows updates.
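If you'd rather confirm the result from a PowerShell prompt than trust the Settings page, the script below is an added example, not something from Microsoft or the original report. It lists updates installed since the start of February 2025 and anything Windows Update still considers pending. The cutoff date and the function names are assumptions made for this example; no KB numbers are hard-coded because the article doesn't give any.

```powershell
# Added example: check patch state after installing the February 2025 updates.
# Assumption: the cutoff is the first day of the release month.
$cutoff = [datetime]'2025-02-01'

function Get-InstalledSince {
    param([datetime]$Since)
    # Get-HotFix reads Win32_QuickFixEngineering. InstalledOn can be empty on
    # some entries, so those are returned separately instead of being dropped.
    $all = @(Get-HotFix)
    [pscustomobject]@{
        Recent  = @($all | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
                    Sort-Object InstalledOn -Descending)
        Undated = @($all | Where-Object { -not $_.InstalledOn })
    }
}

function Get-PendingUpdates {
    # Windows Update Agent COM API; the search may take a minute and needs
    # the Windows Update service to be reachable.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title    = $u.Title
            Severity = $u.MsrcSeverity   # empty for non-security updates
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        }
    }
}

$installed = Get-InstalledSince -Since $cutoff
$pending   = @(Get-PendingUpdates)

"Updates installed on or after $($cutoff.ToString('yyyy-MM-dd')): $($installed.Recent.Count)"
$installed.Recent | Format-Table HotFixID, Description, InstalledOn -AutoSize

if ($installed.Undated.Count -gt 0) {
    "Entries with no install date (verify manually): $($installed.Undated.HotFixID -join ', ')"
}

if ($pending.Count -gt 0) {
    Write-Warning "$($pending.Count) update(s) still pending. Install them and reboot if prompted."
    $pending | Format-Table KB, Severity, Title -AutoSize
} else {
    "No pending software updates reported by Windows Update."
}
```

An empty "installed" list together with pending security updates means the machine has not yet taken this month's fixes.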
