Microsoft's Patch Tuesday Fixes 63 Flaws

Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws
CVE-2025-21391, the zero-day Windows storage flaw, stems from the way Windows resolves file paths and follows links, Walters said. File deletion is just the beginning of the problems it could cause, as it could lead to privilege escalation, unwanted access to security logs or configurations, malware injection, data manipulation, or other attacks.
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
Today is Microsoft' 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks.
For February’s Patch Tuesday, Microsoft rolls out 63 updates
Included in the mix of patches released this month are two zero-day flaws affecting Windows; admins, that means it’s time to patch now.
Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day
The Microsoft Patch Tuesday machine hummed loudly this month fixes for a pair of already-exploited Windows zero-days.
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
Apple released an emergency iOS update to fix CVE-2025-24200, a zero-day flaw exploited to bypass USB Restricted Mode on locked devices in sophisticat
Microsoft Fixes Another Two Actively Exploited Zero-Days
The second actively exploited zero-day vulnerability is CVE-2025-21418 – another EoP bug, but this time in the Windows Ancillary Function Driver (AFD) for WinSock. It applies to all Windows versions containing the vulnerable AFD.sys driver, including Windows 10, Windows 11, Windows Server 2016 and later, according to Action1 co-founder, Alex Vovk.
PostgreSQL flaw exploited as zero-day in BeyondTrust breach
Rapid7's vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December.
Microsoft Patch Tuesday, February 2025 Edition
All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.
Don't ignore Microsoft's February Patch Tuesday - it's a big one for all Windows 11 users
The latest updates resolve more glitches and security flaws - some critical - in Windows 11 23H2 and 24H2, so you'll want to install them sooner rather than later.
February's Patch Tuesday sees Microsoft offer just 63 fixes
Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don't get too relaxed – some deserve close attention,
Microsoft Releases February 2025 Patch Tuesday Updates for Windows 11
Patch Tuesday updates for Windows 11 versions introduce improved previews for apps on the taskbar, a new Windows Studio Effects icon in the system tray area, and more.
SecurityWeek9h
New Windows Zero-Day Exploited by Chinese APT: Security Firm
ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda.
You Should Install This Windows Security Patch Right Away
Patch Tuesday is here, and it patches 55 security flaws in Windows. Critically, it patches four zero-day vulnerabilities, two ...
Techopedia1d
Windows Zero-Day Vulnerability Allows Attackers to Gain System Access Remotely
The New Windows zero-day CVE-2025-21418 is being actively exploited. Learn how attackers can gain system access and what ...
The Register on MSN14h
Critical PostgreSQL bug tied to zero-day attack on US Treasury
High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the ...