On-demand webinar: Building a secure and employee-centric digital workplace

WATCH NOW

Microsoft Patch Tuesday February 2025 - Summary

165

Patches

56

Vulnerabilities

19

Articles

7

Impacts

CVE Index for February 2025 Patch Tuesday Updates

Vulnerable Component Impact CVE ID
Microsoft Excel Remote Code Execution CVE-2025-21381
DHCP Client Service Remote Code Execution CVE-2025-21379
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution CVE-2025-21376
Vulnerable Component Impact CVE ID
Windows Ancillary Function Driver for WinSock Elevation of Privilege CVE-2025-21418
Windows Storage Elevation of Privilege CVE-2025-21391
NTLM Hash Disclosure Spoofing CVE-2025-21377
Microsoft Surface Security Feature Bypass CVE-2025-21194
CVE ID Severity Impact
CVE-2023-24932 Important Security Feature Bypass
CVE-2025-21420 Important Elevation of Privilege
CVE-2025-21419 Important Elevation of Privilege
CVE-2025-21414 Important Elevation of Privilege
CVE-2025-21410 Important Remote Code Execution
CVE-2025-21407 Important Remote Code Execution
CVE-2025-21406 Important Remote Code Execution
CVE-2025-24036 Important Elevation of Privilege
CVE-2025-21375 Important Elevation of Privilege
CVE-2025-21373 Important Elevation of Privilege
CVE-2025-21371 Important Remote Code Execution
CVE-2025-21369 Important Remote Code Execution
CVE-2025-21368 Important Remote Code Execution
CVE-2025-21367 Important Elevation of Privilege
CVE-2025-21359 Important Security Feature Bypass
CVE-2025-21358 Important Elevation of Privilege
CVE-2025-21352 Important Denial of Service
CVE-2025-21351 Important Denial of Service
CVE-2025-21350 Important Denial of Service
CVE-2025-21349 Important Tampering
CVE-2025-21347 Important Denial of Service
CVE-2025-21337 Important Elevation of Privilege
CVE-2025-21322 Important Elevation of Privilege
CVE-2025-21254 Important Denial of Service
CVE-2025-21216 Important Denial of Service
CVE-2025-21212 Important Denial of Service
CVE-2025-21208 Important Remote Code Execution
CVE-2025-21201 Important Remote Code Execution
CVE-2025-21200 Important Remote Code Execution
CVE-2025-21198 Important Remote Code Execution
CVE-2025-21190 Important Remote Code Execution
CVE-2025-21184 Important Elevation of Privilege
CVE-2025-21183 Important Elevation of Privilege
CVE-2025-21182 Important Elevation of Privilege
CVE-2025-21181 Important Denial of Service
CVE-2025-21179 Important Denial of Service
CVE ID Severity Impact
CVE-2025-21400 Important Remote Code Execution
CVE-2025-21397 Important Remote Code Execution
CVE-2025-21394 Important Remote Code Execution
CVE-2025-21392 Important Remote Code Execution
CVE-2025-21390 Important Remote Code Execution
CVE-2025-21387 Important Remote Code Execution
CVE-2025-21386 Important Remote Code Execution
CVE-2025-21383 Important Information Disclosure
CVE-2025-21259 Important Spoofing
CVE ID Severity Impact
CVE-2025-24042 Important Elevation of Privilege
CVE-2025-24039 Important Elevation of Privilege
CVE-2025-21206 Important Elevation of Privilege
CVE-2025-21178 Important Remote Code Execution
CVE-2025-21176 Important Remote Code Execution
CVE-2025-21172 Important Remote Code Execution
CVE ID Severity Impact
CVE-2025-21188 Important Elevation of Privilege
Vulnerable Component CVE ID Severity Impact
HackerOne: CVE-2023-32002 Node.js `Module._load()` policy CVE-2023-32002 Important Remote Code Execution

Previous Patch Tuesday Updates and Fixes

Microsoft Windows Patch Tuesday - Overview

What is Patch Tuesday?

Patch Tuesday, the colloquial term for Microsoft's Update Tuesday that falls on second Tuesday of every month. That is when Microsoft rolls out patch updates to improve security of Microsoft applications. Coinciding with the Patch Tuesday it is also a general trend for the roll out of patch updates for other third party applications that include Adobe and Mozilla, among many others.

When is Patch Tuesday?

Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on March 11 , 2025.

What is patching and why is it important?

Patches are nothing but pieces of software code that are written to fix a bug in a software application, that might lead to a vulnerability. Such vulnerabilities in any application are loop holes for attackers to get their hands on business critical data and information. So it is highly crucial to keep all the applications in a network updated to its latest versions. Updating applications in mobile phones and laptops also work in the same manner by preventing theft of personal data, through security flaws.

What kind of patch updates are released during Patch Tuesday?

Predominantly security patch updates of varying severity like Critical, Important, Moderate & Low are labeled and released. It is always a best practice to prioritize your patching based on the severity level mentioned.

What are CVE IDs?

CVE ID - Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD). You can look up for a detailed explanation of each vulnerability in the NVD with the help of CVE ID. In Patch Manager Plus you can make use of these CVE IDs to fetch the appropriate patches to deploy. You can find the CVE IDs here.

How to register for ManageEngine's Free Patch Tuesday webinar?

The upcoming Free Patch Tuesday webinar by ManageEngine is scheduled on -. You can make your registrations here.

Where can I find more details about individual bulletins?

Each CVE ID listed in the CVE Index section has been linked to its security advisory.