Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are ‘critical’.

Included in the mix of patches released this month are two zero-day flaws affecting Windows; admins, that means it’s time to patch now.

CVE-2025-21391, the zero-day Windows storage flaw, stems from the way Windows resolves file paths and follows links, Walters said. File deletion is just the beginning of the problems it could cause, as it could lead to privilege escalation, unwanted access to security logs or configurations, malware injection, data manipulation, or other attacks.

Critical52Important0Moderate0LowMicrosoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild.Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release,

Microsoft has rolled out the February 2025 Patch Tuesday updates, KB5051987 and KB5051989, for Windows 11 24H2 and 23H2, as reported by Bleeping Computer. After installing the updates, the build number for Windows 11 version 24H2 will change to Build 26100.3194, while version 23H2 will be updated to Build 226x1.4890.

All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.

CISOs should make sure that two actively exploited vulnerabilities in Windows are addressed as part of their staff’s February Patch Tuesday efforts.

Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don't get too relaxed – some deserve close attention,