Summary: Microsoft’s February security update addresses a total of 63 unique vulnerabilities, including two actively exploited zero-days that require immediate remediation. While the overall number of vulnerabilities has decreased from January, several critical flaws remain, including those affecting Windows components and Microsoft Dynamics 365. Security experts emphasize the urgency of addressing these issues to protect vulnerable systems from exploitation.
Affected: Microsoft Operating Systems and Applications
Keypoints :
- February update contains 63 CVEs, down from 159 in January, with two zero-days actively exploited.
- Critical flaws include RCE vulnerabilities affecting DHCP, Excel, and Windows LDAP services.
- Two key vulnerabilities, CVE-2025-21418 and CVE-2025-21391, can lead to significant security risks regarding privilege escalation and data integrity.
Source: https://www.darkreading.com/application-security/microsofts-february-patch-lighter-lift-januarys