Microsoft on Tuesday launched 57 patches touching 13 product households. Two of the addressed points are thought-about by Microsoft to be of Essential severity, and 13 have a CVSS base rating of 8.0 or greater. Two, each affecting Home windows, are underneath energetic exploit within the wild.
At patch time, two of the addressed Home windows points (CVE-2025-21391, CVE-2025-21418) are detected to be underneath energetic exploit within the wild, with 17 extra CVEs extra prone to be exploited within the subsequent 30 days by the corporate’s estimation. 4 of this month’s points are amenable to detection by Sophos protections, and we embody info on these in a desk under.
Along with these patches, the discharge contains advisory info on Servicing Stack Updates, in addition to info on the month’s 10 Edge patches (there’s additionally, for the second month in a row, an Web Explorer patch, as we’ll focus on under) and one Dynamics 365 problem coated within the launch however already mitigated by Microsoft.
We’re as all the time together with on the finish of this submit extra appendices itemizing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product household; an appendix protecting the advisory-style updates; and a breakout of the patches affecting the varied Home windows Server platforms nonetheless in help. This month, we’re including additional info to Appendix B, recapping CVSS Base scores for probably the most extremely scored vulnerabilities.
By the numbers
- Whole CVEs: 57
- Publicly disclosed: 2
- Exploit detected: 2
- Severity
- Essential: 2
- Necessary: 55
- Affect
- Distant Code Execution: 23
- Elevation of Privilege: 19
- Denial of Service: 9
- Safety Function Bypass: 2
- Spoofing: 2
- Info Disclosure: 1
- Tampering: 1
- CVSS base rating 9.0 or better: 1
- CVSS base rating 8.0 or better: 12
Determine 1: Distant code execution accounts for slightly below half of the February CVE haul, and for each of its Essential-severity points
Merchandise
- Home windows: 37
- 365: 8
- Workplace: 8
- Excel: 6
- Visible Studio: 4
- Azure: 2
- CBL Mariner: 1
- PC: 1
- Microsoft AutoUpdate for Mac: 1
- Outlook: 1
- PC Supervisor: 1
- SharePoint: 1
- Floor: 1
As is our customized for this checklist, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on.
Determine 2: All 37 of February’s Home windows patches apply to the server-side OS, although most additionally apply to the shopper facet. As for the remainder, considered one of this month’s curiosities is which are are 4 patches for Visible Studio – however none for .NET
Notable February updates
Along with the problems mentioned above, quite a lot of particular gadgets benefit consideration.
CVE-2025-21391 — Home windows Storage Elevation of Privilege Vulnerability
One of many two points already identified to be underneath exploit within the wild, this problem would enable an attacker to delete focused information on the system; no consumer interplay is required.
CVE-2025-21198 – Microsoft Excessive Efficiency Compute (HPC) Pack Linux Compute Node Distant Code Execution Vulnerability
Microsoft characterizes this CVSS 9.0 problem as Necessary in severity and believes it’s much less prone to be exploited within the subsequent 30 days. To use this problem, an attacker would want entry to the community connecting the focused clusters and nodes, and would ship a malicious HTTPS request to the focused head node or Linux compute node
CVE-2025-21381, CVE-2025-21386, CVE-2025-21387, CVE-2025-21390, CVE-2025-21394 – all Microsoft Excel Distant Code Execution Vulnerability
5 of the six Excel vulnerabilities this month (that are additionally 5 of the eight 365 and Workplace vulnerabilities) embody Preview Pane as a possible vector. All are Necessary-severity points with a CVSS Base rating of seven.8.
CVE-2025-21194 — Microsoft Floor Safety Function Bypass Vulnerability
It is a powerful bug to take advantage of – it requires a good quantity of preparation, attacker entry to a restricted community, and a reboot on the consumer’s half. The outstanding factor about this bug, nonetheless, is that it is dependent upon the {hardware} – particularly, a number of variations of Microsoft’s Floor platform, and extra particularly VMs inside a UEFI host machine. A profitable attacker may bypass the UEFI, which may result in compromise of the hypervisor and the safe kernel.
CVE-2025-21377 — NTLM Hash Disclosure Spoofing Vulnerability
Web Explorer once more? Sure, and that’s not the one throwback side to this patch. The vulnerability, which discloses the consumer’s NTLMv2 hash, impacts the MSHTML, EdgeHTML, and scripting platforms nonetheless lurking under the floor of assorted purposes. Microsoft believes this problem is amongst these extra prone to be exploited within the wild within the subsequent 30 days. Discovery of this bug was apparently a multinational effort, with credit score given to researchers at Cathay Pacific in addition to safety corporations Securify BV and ACROS Safety. The latter could ring bells with tech folks skilled sufficient to recollect considered one of their early discoveries – one of many knot of vulnerabilities that composed Stuxnet.
Determine 3: With Tampering becoming a member of the board with a single vulnerability this month, all the same old classes are already represented on the 2025 cumulative chart
Sophos protections
| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
| CVE-2025-21184 | Exp/2521184-A | Exp/2521184-A |
| CVE-2025-21358 | Exp/2521358-A | Exp/2521358-A |
| CVE-2025-21377 | sid:2310588 | sid:2310588 |
| CVE-2025-21414 | Exp/2521414-A | Exp/2521414-A |
As you’ll be able to each month, if you happen to don’t wish to wait to your system to tug down Microsoft’s updates itself, you’ll be able to obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe device to find out which construct of Home windows 10 or 11 you’re operating, then obtain the Cumulative Replace bundle to your particular system’s structure and construct quantity.
Appendix A: Vulnerability Affect and Severity
It is a checklist of February patches sorted by affect, then sub-sorted by severity. Every checklist is additional organized by CVE.
Distant Code Execution (23 CVEs)
| Essential severity | |
| CVE-2025-21376 | Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability |
| CVE-2025-21379 | DHCP Consumer Service Distant Code Execution Vulnerability |
| Necessary severity | |
| CVE-2023-32002 | HackerOne: CVE-2023-32002 Node.js `Module._load()` coverage Distant Code Execution Vulnerability |
| CVE-2025-21188 | Azure Community Watcher VM Extension Distant Code Execution Vulnerability |
| CVE-2025-21190 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21198 | Microsoft Excessive Efficiency Compute (HPC) Pack Linux Compute Node Distant Code Execution Vulnerability |
| CVE-2025-21200 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21201 | Home windows Telephony Server Distant Code Execution Vulnerability |
| CVE-2025-21208 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
| CVE-2025-21368 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| CVE-2025-21369 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| CVE-2025-21371 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21381 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21386 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21387 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21390 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21392 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21394 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21397 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21400 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21406 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21407 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21410 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
Elevation of Privilege (19 CVEs)
| Necessary severity | |
| CVE-2025-21182 | Home windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21183 | Home windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21184 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21206 | Visible Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-21322 | Microsoft PC Supervisor Elevation of Privilege Vulnerability |
| CVE-2025-21337 | Home windows NTFS Elevation of Privilege Vulnerability |
| CVE-2025-21358 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21367 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-21373 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21375 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-21391 | Home windows Storage Elevation of Privilege Vulnerability |
| CVE-2025-21414 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21418 | Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-21419 | Home windows Setup Information Cleanup Elevation of Privilege Vulnerability |
| CVE-2025-21420 | Home windows Disk Cleanup Instrument Elevation of Privilege Vulnerability |
| CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-24038 | Azure Firmware Elevation of Privilege Vulnerability |
| CVE-2025-24039 | Visible Studio Code Elevation of Privilege Vulnerability |
| CVE-2025-24042 | Visible Studio Code JS Debug Extension Elevation of Privilege Vulnerability |
Denial of Service (9 CVEs)
| Necessary severity | |
| CVE-2025-21179 | DHCP Consumer Service Denial of Service Vulnerability |
| CVE-2025-21181 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21212 | Web Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21216 | Web Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21254 | Web Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21347 | Home windows Deployment Companies Denial of Service Vulnerability |
| CVE-2025-21350 | Home windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21351 | Home windows Energetic Listing Area Companies API Denial of Service Vulnerability |
| CVE-2025-21352 | Web Connection Sharing (ICS) Denial of Service Vulnerability |
Safety Function Bypass (2 CVEs)
| Necessary severity | |
| CVE-2025-21194 | Microsoft Floor Safety Function Bypass Vulnerability |
| CVE-2025-21359 | Home windows Kernel Safety Function Bypass Vulnerability |
Spoofing (2 CVEs)
| Necessary severity | |
| CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability |
Info Disclosure (1 CVE)
| Necessary severity | |
| CVE-2025-21383 | Microsoft Excel Info Disclosure Vulnerability |
Tampering (1 CVE)
| Necessary severity | |
| CVE-2025-21349 | Home windows Distant Desktop Configuration Service Tampering Vulnerability |
Appendix B: Exploitability and CVSS
It is a checklist of the February CVEs judged by Microsoft to be both underneath exploitation within the wild or extra prone to be exploited within the wild inside the first 30 days post-release. The checklist is additional organized by CVE.
| Exploitation detected | |
| CVE-2025-21391 | Home windows Storage Elevation of Privilege Vulnerability |
| CVE-2025-21418 | Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability |
| Exploitation extra possible inside the subsequent 30 days | |
| CVE-2025-21184 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21358 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21367 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-21376 | Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability |
| CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-21400 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21414 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21419 | Home windows Setup Information Cleanup Elevation of Privilege Vulnerability |
| CVE-2025-21420 | Home windows Disk Cleanup Instrument Elevation of Privilege Vulnerability |
It is a checklist of February CVEs with a Microsoft-assessed CVSS Base rating of 8.0 or greater. They’re organized by rating and additional sorted by CVE. For extra info on how CVSS works, please see our collection on patch prioritization schema.
| CVSS Base | CVSS Temporal | CVE | Title |
| 9.0 | 7.8 | CVE-2025-21198 | Microsoft Excessive Efficiency Compute (HPC) Pack Linux Compute Node Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21190 | Home windows Telephony Service Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21200 | Home windows Telephony Service Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21201 | Home windows Telephony Server Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21208 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21368 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21369 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21371 | Home windows Telephony Service Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21406 | Home windows Telephony Service Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21407 | Home windows Telephony Service Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-21410 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
| 8.1 | 7.1 | CVE-2025-21376 | Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability |
| 8.0 | 7.0 | CVE-2025-21400 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
Appendix C: Merchandise Affected
It is a checklist of February’s patches sorted by product household, then sub-sorted by severity. Every checklist is additional organized by CVE. Patches which are shared amongst a number of product households are listed a number of occasions, as soon as for every product household. Points affecting Home windows Server are additional sorted in Appendix E.
Home windows (37 CVEs)
| Essential severity | |
| CVE-2025-21376 | Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability |
| CVE-2025-21379 | DHCP Consumer Service Distant Code Execution Vulnerability |
| Necessary severity | |
| CVE-2025-21179 | DHCP Consumer Service Denial of Service Vulnerability |
| CVE-2025-21181 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21182 | Home windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21183 | Home windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21184 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21190 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21200 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21201 | Home windows Telephony Server Distant Code Execution Vulnerability |
| CVE-2025-21208 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
| CVE-2025-21212 | Web Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21216 | Web Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21254 | Web Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21337 | Home windows NTFS Elevation of Privilege Vulnerability |
| CVE-2025-21347 | Home windows Deployment Companies Denial of Service Vulnerability |
| CVE-2025-21349 | Home windows Distant Desktop Configuration Service Tampering Vulnerability |
| CVE-2025-21350 | Home windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21351 | Home windows Energetic Listing Area Companies API Denial of Service Vulnerability |
| CVE-2025-21352 | Web Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21358 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21359 | Home windows Kernel Safety Function Bypass Vulnerability |
| CVE-2025-21367 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-21368 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| CVE-2025-21369 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| CVE-2025-21371 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21373 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21375 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-21391 | Home windows Storage Elevation of Privilege Vulnerability |
| CVE-2025-21406 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21407 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21410 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
| CVE-2025-21414 | Home windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21418 | Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-21419 | Home windows Setup Information Cleanup Elevation of Privilege Vulnerability |
| CVE-2025-21420 | Home windows Disk Cleanup Instrument Elevation of Privilege Vulnerability |
365 (8 CVEs)
| Necessary severity | |
| CVE-2025-21381 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21383 | Microsoft Excel Info Disclosure Vulnerability |
| CVE-2025-21386 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21387 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21390 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21392 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21394 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21397 | Microsoft Workplace Distant Code Execution Vulnerability |
Workplace (8 CVEs)
| Necessary severity | |
| CVE-2025-21381 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21383 | Microsoft Excel Info Disclosure Vulnerability |
| CVE-2025-21386 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21387 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21390 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21392 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21394 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21397 | Microsoft Workplace Distant Code Execution Vulnerability |
Excel (6 CVEs)
| Necessary severity | |
| CVE-2025-21381 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21383 | Microsoft Excel Info Disclosure Vulnerability |
| CVE-2025-21386 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21387 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21390 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21394 | Microsoft Excel Distant Code Execution Vulnerability |
Visible Studio (4 CVEs)
| Necessary severity | |
| CVE-2023-32002 | HackerOne: CVE-2023-32002 Node.js `Module._load()` coverage Distant Code Execution Vulnerability |
| CVE-2025-21206 | Visible Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-24039 | Visible Studio Code Elevation of Privilege Vulnerability |
| CVE-2025-24042 | Visible Studio Code JS Debug Extension Elevation of Privilege Vulnerability |
Azure (2 CVEs)
| Necessary severity | |
| CVE-2025-21188 | Azure Community Watcher VM Extension Distant Code Execution Vulnerability |
| CVE-2025-24038 | Azure Firmware Elevation of Privilege Vulnerability |
CBL Mariner (1 CVE)
| Necessary severity | |
| CVE-2023-32002 | HackerOne: CVE-2023-32002 Node.js `Module._load()` coverage Distant Code Execution Vulnerability |
HPC (1 CVE)
| Necessary severity | |
| CVE-2025-21198 | Microsoft Excessive Efficiency Compute (HPC) Pack Linux Compute Node Distant Code Execution Vulnerability |
Microsoft AutoUpdate for Mac (1 CVE)
| Necessary severity | |
| CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
Outlook (1 CVE)
| Necessary severity | |
| CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability |
PC Supervisor (1 CVE)
| Necessary severity | |
| CVE-2025-21322 | Microsoft PC Supervisor Elevation of Privilege Vulnerability |
SharePoint (1 CVE)
| Necessary severity | |
| CVE-2025-21400 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
Floor (1 CVE)
| Necessary severity | |
| CVE-2025-21194 | Microsoft Floor Safety Function Bypass Vulnerability |
Appendix D: Advisories and Different Merchandise
It is a checklist of advisories and knowledge on different related CVEs within the February launch. The problems addressed in these CVEs have already been mitigated by Microsoft, however had been listed within the launch within the pursuits of transparency.
Microsoft info:
| CVE / identifier | Product | Title |
| ADV990001 | Newest Servicing Stack Updates | |
| CVE-2025-0444 | Edge | Chromium: CVE-2025-0444 Use after free in Skia |
| CVE-2025-0445 | Edge | Chromium: CVE-2025-0445 Use after free in V8 |
| CVE-2025-0451 | Edge | Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API |
| CVE-2025-21177 | Dynamics 365 | Microsoft Dynamics 365 Gross sales Elevation of Privilege Vulnerability |
| CVE-2025-21253 | Edge | Microsoft Edge for IOS and Android Spoofing Vulnerability |
| CVE-2025-21267 | Edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-21279 | Edge | Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability |
| CVE-2025-21283 | Edge | Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability |
| CVE-2025-21342 | Edge | Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability |
| CVE-2025-21404 | Edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-21408 | Edge | Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability |
There are not any Adobe advisories on this month’s launch.
Appendix E: Affected Home windows Server variations
It is a desk of CVEs within the February launch affecting 9 Home windows Server variations, 2008 by way of 2025. The desk differentiates amongst main variations of the platform however doesn’t go into deeper element (eg., Server Core). Essential-severity points are marked in pink; an “x” signifies that the CVE doesn’t apply to that model. Directors are inspired to make use of this appendix as a place to begin to establish their particular publicity, as every reader’s scenario, particularly because it considerations merchandise out of mainstream help, will range. For particular Information Base numbers, please seek the advice of Microsoft.
| 2008 | 2008-R2 | 2012 | 2012-R2 | 2016 | 2019 | 2022 | 2022 23H2 | 2025 | |
| CVE-2025-21179 | × | × | × | × | × | × | × | × | ■ |
| CVE-2025-21181 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21182 | × | × | × | × | × | × | × | × | ■ |
| CVE-2025-21183 | × | × | × | × | × | × | × | × | ■ |
| CVE-2025-21184 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21190 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21200 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21201 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21208 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21212 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21216 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21254 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21337 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21347 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21349 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21350 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21351 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21352 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21358 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21359 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21367 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21368 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21369 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21371 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21373 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21375 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21376 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21377 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21379 | × | × | × | × | × | × | × | × | ■ |
| CVE-2025-21391 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21406 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21407 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21410 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21414 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21418 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21419 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21420 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
