Webinar Library
Welcome to my February Patch Tuesday newsletter. Today Microsoft released updates for 56 threats and an additional 33 in the past month for a total of 89 vulnerabilities being patched. In the mix we have 6 that are rated critical. In addition to these 6, we have 4 others that are rated only "Important" but they are zero days:
One thing that caught my eye this month was the release of an update but for a CVE from 2023; CVE-2023-32002. This is a privilege escalation from August 2023 rated "High" with a score of 7.7. It has now been updated as a remote code execution that Microsoft is documenting in their update guide to announce that the latest builds of Visual Studio are no longer vulnerable. I am only mentioning it because it's rare to see a two year old CVE being updated like this. Overall, the month was average to below average for updates. Be sure to check the chart below for more information. Many of you are familiar with my Security Log Encyclopedia. This past week I published what I am calling the "Windows Event Collection Encyclopedia" over at LOGbinder.com. It outlines WEC and all its moving parts and pieces as well as using WEC with non-AD / Entra-joined machines. Whether you know little about Windows event collection or are an expert, I am sure that you will benefit from it.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11
Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations
Critical
CVE-2025-21179 CVE-2025-21181 CVE-2025-21182 CVE-2025-21183 CVE-2025-21184 CVE-2025-21190 CVE-2025-21200 CVE-2025-21201 CVE-2025-21208 CVE-2025-21212 CVE-2025-21216 CVE-2025-21254 CVE-2025-21325 CVE-2025-21337 CVE-2025-21347 CVE-2025-21349 CVE-2025-21350 CVE-2025-21351 CVE-2025-21352 CVE-2025-21358 CVE-2025-21359 CVE-2025-21367 CVE-2025-21368 CVE-2025-21369 CVE-2025-21371 CVE-2025-21373 CVE-2025-21375 CVE-2025-21376 CVE-2025-21377** CVE-2025-21379 CVE-2025-21391* CVE-2025-21406 CVE-2025-21407 CVE-2025-21410 CVE-2025-21414 CVE-2025-21418* CVE-2025-21419 CVE-2025-21420
Denial of Service
Elevation of Privilege
Remote Code Execution Security Feature Bypass Spoofing Tampering
Edge
Chromium-based Edge for iOS and Android Update Setup
Moderate
CVE-2025-0434 CVE-2025-0435 CVE-2025-0436 CVE-2025-0437 CVE-2025-0438 CVE-2025-0439 CVE-2025-0440 CVE-2025-0441 CVE-2025-0442 CVE-2025-0443 CVE-2025-0444 CVE-2025-0445 CVE-2025-0446 CVE-2025-0447 CVE-2025-0448 CVE-2025-0451 CVE-2025-0611 CVE-2025-0612 CVE-2025-0762 CVE-2025-21185 CVE-2025-21253 CVE-2025-21262 CVE-2025-21267 CVE-2025-21279 CVE-2025-21283 CVE-2025-21342 CVE-2025-21399 CVE-2025-21404 CVE-2025-21408
Workaround: No Exploited: No Public: No
Office
365 Apps for Enterprise Excel 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac AutoUpdate for Mac Online Server
CVE-2025-21381 CVE-2025-21383 CVE-2025-21386 CVE-2025-21387 CVE-2025-21390 CVE-2025-21392 CVE-2025-21394 CVE-2025-21397 CVE-2025-24036
Elevation of Privilege Information Disclosure Remote Code Execution
SharePoint
Enterprise Server 2016 Server 2019 Server Subscription Edition
Important
CVE-2025-21400
Remote Code Execution
Azure
Microsoft HPC Pack 2016/2019 Network Watcher VM Extension Microsoft Account AI Face Service
CVE-2025-21188 CVE-2025-21198 CVE-2025-21396 CVE-2025-21415
Visual Studio
Code - JS Debug Extension Code 2017 15.0 - 15.9 2019 16.0-16.11 2022 17.8, 17.10, 17.12
CVE-2023-32002 CVE-2025-21206 CVE-2025-24039 CVE-2025-24042
Elevation of Privilege Remote Code Execution
Apps
Microsoft PC Manager Outlook for Android
CVE-2025-21259 CVE-2025-21322
Elevation of Privilege Spoofing
Dynamics
365 Sales
CVE-2025-21177
Mariner
CBL Mariner 2.0 x64/ARM
CVE-2023-32002
Device
Surface Go 2/3 Surface Hub, Hub 2s, Hub 3 Surface Laptop Go, Go 2, Go 3 Surface Pro 7+, 8, 9 ARM Surface Laptop 3 with Intel Processor Surface Laptop 4 with Intel/AMD Processors Surface Windows Dev Kit
CVE-2025-21194**
Workaround: No Exploited: No Public: Yes**