Summary: Microsoft has released fixes for 63 security vulnerabilities, including two critical flaws that are being actively exploited in the wild. The fixes span several severity levels; the most notable are serious privilege escalation vulnerabilities that could enable attackers to compromise systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies apply the patches by March 4, 2025.
Affected: Microsoft software products
Keypoints:
- 63 vulnerabilities fixed, with three rated Critical and 57 rated Important.
- The actively exploited flaws include CVE-2025-21391 and CVE-2025-21418, both privilege escalation vulnerabilities.
- Major remote code execution vulnerabilities found in the HPC Pack and Windows LDAP could have significant implications for enterprise security.
- CISA has added critical flaws to its Known Exploited Vulnerabilities catalog, requiring prompt patching.
Source: https://thehackernews.com/2025/02/microsofts-patch-tuesday-fixes-63-flaws.html