OnlyFm252
Patch Tuesday Archive

Patch Tuesday February 2025

Total CVEs

66

Critical

6

Important

56

Exploited

3

Publicly Disclosed

2

All CVEs this month 66

CVE Title Severity CVSS Product Exploited Disclosed
CVE-2025-21177 Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability Critical 8.7 Microsoft Dynamics 365 Sales - -
CVE-2025-21355 Microsoft Bing Remote Code Execution Vulnerability Critical 8.6 Microsoft Bing - -
CVE-2025-21376 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Critical 8.1 Windows LDAP - Lightweight Directory Access Protocol - -
CVE-2025-21379 DHCP Client Service Remote Code Execution Vulnerability Critical 7.1 Windows DHCP Server - -
CVE-2025-21381 Microsoft Excel Remote Code Execution Vulnerability Critical 7.8 Microsoft Office Excel - -
CVE-2025-24989 Microsoft Power Pages Elevation of Privilege Vulnerability Critical 8.2 Microsoft Power Pages Yes -
CVE-2025-21179 DHCP Client Service Denial of Service Vulnerability Important 4.8 Windows DHCP Client - -
CVE-2025-21181 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Important 7.5 Windows Message Queuing - -
CVE-2025-21182 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability Important 7.4 Windows Resilient File System (ReFS) Deduplication Service - -
CVE-2025-21183 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability Important 7.4 Windows Resilient File System (ReFS) Deduplication Service - -
CVE-2025-21184 Windows Core Messaging Elevation of Privileges Vulnerability Important 7 Windows CoreMessaging - -
CVE-2025-21188 Azure Network Watcher VM Extension Elevation of Privilege Vulnerability Important 6 Azure Network Watcher - -
CVE-2025-21190 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2025-21194 Microsoft Surface Security Feature Bypass Vulnerability Important 7.1 Microsoft Surface - Yes
CVE-2025-21198 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability Important 9 Microsoft High Performance Compute Pack (HPC) Linux Node Agent - -
CVE-2025-21200 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2025-21201 Windows Telephony Server Remote Code Execution Vulnerability Important 8.8 Windows Telephony Server - -
CVE-2025-21206 Visual Studio Installer Elevation of Privilege Vulnerability Important 7.3 Visual Studio - -
CVE-2025-21208 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-21212 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important 6.5 Windows Internet Connection Sharing (ICS) - -
CVE-2025-21216 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important 6.5 Windows Internet Connection Sharing (ICS) - -
CVE-2025-21254 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important 6.5 Windows Internet Connection Sharing (ICS) - -
CVE-2025-21259 Microsoft Outlook Spoofing Vulnerability Important 5.3 Outlook for Android - -
CVE-2025-21279 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 6.5 Microsoft Edge (Chromium-based) - -
CVE-2025-21283 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 6.5 Microsoft Edge (Chromium-based) - -
CVE-2025-21322 Microsoft PC Manager Elevation of Privilege Vulnerability Important 7.8 Microsoft PC Manager - -
CVE-2025-21337 Windows NTFS Elevation of Privilege Vulnerability Important 3.3 Microsoft Windows - -
CVE-2025-21342 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 Microsoft Edge (Chromium-based) - -
CVE-2025-21347 Windows Deployment Services Denial of Service Vulnerability Important 6 Windows Update Stack - -
CVE-2025-21349 Windows Remote Desktop Configuration Service Tampering Vulnerability Important 6.8 Windows Remote Desktop Services - -
CVE-2025-21350 Windows Kerberos Denial of Service Vulnerability Important 5.9 Windows Kerberos - -
CVE-2025-21351 Windows Active Directory Domain Services API Denial of Service Vulnerability Important 7.5 Active Directory Domain Services - -
CVE-2025-21352 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important 6.5 Windows Internet Connection Sharing (ICS) - -
CVE-2025-21358 Windows Core Messaging Elevation of Privileges Vulnerability Important 7.8 Windows CoreMessaging - -
CVE-2025-21359 Windows Kernel Security Feature Bypass Vulnerability Important 7.8 Windows Kernel - -
CVE-2025-21367 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7.8 Windows Win32 Kernel Subsystem - -
CVE-2025-21368 Microsoft Digest Authentication Remote Code Execution Vulnerability Important 8.8 Microsoft Digest Authentication - -
CVE-2025-21369 Microsoft Digest Authentication Remote Code Execution Vulnerability Important 8.8 Microsoft Digest Authentication - -
CVE-2025-21371 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2025-21373 Windows Installer Elevation of Privilege Vulnerability Important 7.8 Windows Installer - -
CVE-2025-21375 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important 7.8 Microsoft Streaming Service - -
CVE-2025-21377 NTLM Hash Disclosure Spoofing Vulnerability Important 6.5 Windows NTLM - Yes
CVE-2025-21383 Microsoft Excel Information Disclosure Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-21386 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-21387 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-21390 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-21391 Windows Storage Elevation of Privilege Vulnerability Important 7.1 Windows Storage Yes -
CVE-2025-21392 Microsoft Office Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2025-21394 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-21397 Microsoft Office Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2025-21400 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8 Microsoft Office SharePoint - -
CVE-2025-21406 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2025-21407 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2025-21408 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 Microsoft Edge (Chromium-based) - -
CVE-2025-21410 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-21414 Windows Core Messaging Elevation of Privileges Vulnerability Important 7 Windows DWM Core Library - -
CVE-2025-21418 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 Windows Ancillary Function Driver for WinSock Yes -
CVE-2025-21419 Windows Setup Files Cleanup Elevation of Privilege Vulnerability Important 7.1 Windows Setup Files Cleanup - -
CVE-2025-21420 Windows Disk Cleanup Tool Elevation of Privilege Vulnerability Important 7.8 Windows Disk Cleanup Tool - -
CVE-2025-24036 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Important 7 Microsoft AutoUpdate (MAU) - -
CVE-2025-24039 Visual Studio Code Elevation of Privilege Vulnerability Important 7.3 Visual Studio Code - -
CVE-2025-24042 Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability Important 7.3 Visual Studio Code - -
CVE-2025-21253 Microsoft Edge for IOS and Android Spoofing Vulnerability Moderate 5.3 Microsoft Edge for iOS and Android - -
CVE-2025-21267 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 4.4 Microsoft Edge (Chromium-based) - -
CVE-2025-21404 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 4.3 Microsoft Edge (Chromium-based) - -
CVE-2025-21401 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Unknown 4.5 Microsoft Edge (Chromium-based) - -

    Threat Categories 8

    Threat Category CVEs Critical
    Remote Code Execution 26 4
    Elevation of Privilege 21 2
    Denial of Service 9 -
    Spoofing 5 -
    Security Feature Bypass 2 -
    Tampering 1 -
    Information Disclosure 1 -
    Unknown 1 -

    Affected Products 42

    Product CVEs Exploited
    Microsoft Edge (Chromium-based) 7 -
    Microsoft Office Excel 6 -
    Windows Telephony Service 5 -
    Windows Internet Connection Sharing (ICS) 4 -
    Windows Resilient File System (ReFS) Deduplication Service 2 -
    Windows CoreMessaging 2 -
    Windows Routing and Remote Access Service (RRAS) 2 -
    Microsoft Digest Authentication 2 -
    Microsoft Office 2 -
    Visual Studio Code 2 -
    Microsoft Dynamics 365 Sales 1 -
    Microsoft Bing 1 -
    Windows LDAP - Lightweight Directory Access Protocol 1 -
    Windows DHCP Server 1 -
    Microsoft Power Pages 1 1
    Windows DHCP Client 1 -
    Windows Message Queuing 1 -
    Azure Network Watcher 1 -
    Microsoft Surface 1 -
    Microsoft High Performance Compute Pack (HPC) Linux Node Agent 1 -
    Windows Telephony Server 1 -
    Visual Studio 1 -
    Outlook for Android 1 -
    Microsoft PC Manager 1 -
    Microsoft Windows 1 -
    Windows Update Stack 1 -
    Windows Remote Desktop Services 1 -
    Windows Kerberos 1 -
    Active Directory Domain Services 1 -
    Windows Kernel 1 -
    Windows Win32 Kernel Subsystem 1 -
    Windows Installer 1 -
    Microsoft Streaming Service 1 -
    Windows NTLM 1 -
    Windows Storage 1 1
    Microsoft Office SharePoint 1 -
    Windows DWM Core Library 1 -
    Windows Ancillary Function Driver for WinSock 1 1
    Windows Setup Files Cleanup 1 -
    Windows Disk Cleanup Tool 1 -
    Microsoft AutoUpdate (MAU) 1 -
    Microsoft Edge for iOS and Android 1 -