Microsoft Security Bulletin Coverage for February 2025

by Security News

Overview

Microsoft’s February 2025 Patch Tuesday addresses 57 vulnerabilities, 21 of which are Remote Code Execution vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for February 2025 and has produced coverage for six of the reported vulnerabilities.

Vulnerabilities with Detections

| CVE | CVE Title | Signature |
|---|---|---|
| CVE-2025-21184 | Windows Core Messaging Elevation of Privileges Vulnerability | ASPY 7043 Exploit-exe exe.MP_428 |
| CVE-2025-21358 | Windows Core Messaging Elevation of Privileges Vulnerability | ASPY 7044 Exploit-exe exe.MP_429 |
| CVE-2025-21376 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | IPS 20724 Windows LDAP Remote Code Execution (CVE-2025-21376) |
| CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability | ASY 7042 Malformed-url url.MP_2 |
| CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability | ASPY 625 Exploit-exe exe.MP_431 |
| CVE-2025-21400 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ASPY 624 Exploit-exe exe.MP_430 |

Release Breakdown

The vulnerabilities can be classified into the following categories: 

 

[Chart: vulnerabilities by impact]

[Chart: vulnerabilities by severity]

For February there are 3 critical and 53 important vulnerabilities. 

[Chart: vulnerability count]

[Chart: exploited and publicly disclosed vulnerabilities]

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month. 

[Chart: exploitability assessment]

Release Detailed Breakdown 

Denial of Service Vulnerabilities   

| CVE | CVE Title |
|---|---|
| CVE-2025-21179 | DHCP Client Service Denial of Service Vulnerability |
| CVE-2025-21181 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21212 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21216 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21254 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21347 | Windows Deployment Services Denial of Service Vulnerability |
| CVE-2025-21350 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21351 | Windows Active Directory Domain Services API Denial of Service Vulnerability |
| CVE-2025-21352 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |

Elevation of Privilege Vulnerabilities   

| CVE | CVE Title |
|---|---|
| CVE-2025-21177 | Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability |
| CVE-2025-21182 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21183 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21184 | Windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21188 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
| CVE-2025-21206 | Visual Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-21322 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| CVE-2025-21337 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2025-21358 | Windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21367 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-21373 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21375 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2025-21414 | Windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-21419 | Windows Setup Files Cleanup Elevation of Privilege Vulnerability |
| CVE-2025-21420 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability |
| CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-24039 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2025-24042 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability |

Information Disclosure Vulnerability   

| CVE | CVE Title |
|---|---|
| CVE-2025-21383 | Microsoft Excel Information Disclosure Vulnerability |

Remote Code Execution Vulnerabilities   

| CVE | CVE Title |
|---|---|
| CVE-2025-21190 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21198 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability |
| CVE-2025-21200 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21201 | Windows Telephony Server Remote Code Execution Vulnerability |
| CVE-2025-21208 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-21368 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
| CVE-2025-21369 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
| CVE-2025-21371 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21376 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2025-21379 | DHCP Client Service Remote Code Execution Vulnerability |
| CVE-2025-21381 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21386 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21387 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21390 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21392 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-21394 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21397 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-21400 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-21406 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21407 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21410 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |

Security Feature Bypass Vulnerabilities   

| CVE | CVE Title |
|---|---|
| CVE-2025-21194 | Microsoft Surface Security Feature Bypass Vulnerability |
| CVE-2025-21359 | Windows Kernel Security Feature Bypass Vulnerability |

Spoofing Vulnerabilities   

| CVE | CVE Title |
|---|---|
| CVE-2025-21253 | Microsoft Edge for IOS and Android Spoofing Vulnerability |
| CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability |

Tampering Vulnerability 

| CVE | CVE Title |
|---|---|
| CVE-2025-21349 | Windows Remote Desktop Configuration Service Tampering Vulnerability |

 
