CVE-2025-21391, the zero-day Windows storage flaw, stems from the way Windows resolves file paths and follows links, Walters said. File deletion is just the beginning of the problems it could cause, as it could lead to privilege escalation, unwanted access to security logs or configurations, malware injection, data manipulation, or other attacks.

Today is Microsoft' 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks.

Included in the mix of patches released this month are two zero-day flaws affecting Windows; admins, that means it’s time to patch now.

The Microsoft Patch Tuesday machine hummed loudly this month fixes for a pair of already-exploited Windows zero-days.

Rapid7's vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December.

The second actively exploited zero-day vulnerability is CVE-2025-21418 – another EoP bug, but this time in the Windows Ancillary Function Driver (AFD) for WinSock. It applies to all Windows versions containing the vulnerable AFD.sys driver, including Windows 10, Windows 11, Windows Server 2016 and later, according to Action1 co-founder, Alex Vovk.

All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.

The latest updates resolve more glitches and security flaws - some critical - in Windows 11 23H2 and 24H2, so you'll want to install them sooner rather than later.

Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don't get too relaxed – some deserve close attention,