Post-Patch Tuesday Roundup: February 2025 | Softcat
Skip to main content

Login to eCAT

Customer Support
Contact Sales
Blog

Post-Patch Tuesday Roundup: February 2025

In this edition, we will focus on the patches by Microsoft, Adobe, Cisco, Red Hat and Oracle. We have also included notable updates for Apple this month, due to the pervasive nature of the updates.

Post patch tuesday image 1

Aoibhín Hamill

Cyber Security Sales Engineer

Welcome to the Softcat Patch Tuesday roundup for February 2025, where we offer insight into the major patches released this month. In this edition, we will focus on the patches by Microsoft, Adobe, Cisco, Red Hat and Oracle.  We have also included notable updates for Apple this month, due to the pervasive nature of the updates.

There have been quite a few zero-day exploits identified, with some of these known to have been actively exploited in the wild.

Broader Industry Emerging Trends have identified priority areas for organisations.

· Be sure to secure enterprise networks against authentication bypass exploits like those affecting Fortinet products.

· The exploitation of RCE vulnerabilities remains a top concern, with Microsoft reporting that RCE flaws accounted for over 38% of February's patches.

· Sophisticated attacks targeting zero-days in widely used software and hardware should be addressed utilising critical patch processes.

· Veeam updates should be tested and monitored to ensure early exploitation is prevented.

(e.g., Apple CoreMedia and Fortinet firewalls).

 

Microsoft

In their February Patch Tuesday release, Microsoft has addressed 63 vulnerabilities, with 3 of those rated as Critical and 4 being zero-day vulnerabilities. 2 vulnerabilities are being actively exploited in attacks. The patches cover a broad array of Microsoft products and components, including Windows operating system services (such as DHCP Client, Message Queuing, ReFS Deduplication, CoreMessaging, Telephony, and more), Visual Studio and Visual Studio Code, Microsoft Dynamics 365 Sales, Microsoft Office (Excel and Office SharePoint), Azure Network Watcher, and Microsoft Edge (Chromium-based and mobile variants).

This month's vulnerabilities chiefly revolve around Remote Code Execution (RCE), Elevation of Privilege (EoP), and Denial of Service (DoS). Outlined below are some of the more critical/important vulnerabilities detailed in this month’s Patch Tuesday:

Zero-Day Vulnerabilities

Among the vulnerabilities patched, three were actively exploited in the wild:

1. CVE-2023-24932: A Secure Boot security feature bypass vulnerability that could allow an attacker to evade security restrictions and execute unauthorized code.

2. CVE-2025-21391: A Windows Storage elevation of privilege vulnerability that could enable an attacker to gain higher-level access to the system.

3. CVE-2025-21418: An elevation of privilege vulnerability affecting the Windows Ancillary Function Driver for WinSock, potentially allowing attackers to escalate privileges on targeted systems.

Critical

1. CVE-2025-21198 – This is a Remote Code Execution vulnerability in Microsoft High Performance Compute (HPC) Pack that can allow an attacker to send a specially crafted HTTPS request to a targeted head node or Linux compute node, potentially enabling remote code execution across connected HPC clusters. It is considered Important, and it has a CVSS score of 9.0. The vulnerability results from missing authentication for a critical function, requiring the attacker to have adjacent network access to the HPC environment to exploit it

2. CVE-2025-21376 - A Windows Lightweight Directory Access Protocol (LDAP) RCE vulnerability that could allow attackers to execute arbitrary code remotely.

3. CVE-2025-21379 - A DHCP Client Service RCE vulnerability that may enable remote attackers to execute code with elevated privileges.

4. CVE-2025-21381 - An RCE vulnerability in Microsoft Excel that could be triggered through malicious spreadsheet files.

Important

In addition to the critical flaws, Microsoft addressed several “Important” vulnerabilities, including:

1. Remote Code Execution Vulnerabilities: Affecting .NET, Visual Studio, Microsoft Office, and Windows Telephony Service.

2. Elevation of Privilege Vulnerabilities: Impacting Azure Network Watcher VM Extension, Kernel Streaming WOW Thunk Service Driver, Microsoft AutoUpdate (MAU), and Windows Storage.

3. Denial of Service Vulnerabilities: Found in Windows Active Directory Domain Services API, Internet Connection Sharing (ICS), and Windows Kerberos.

4. Security Feature Bypass Vulnerabilities: Affecting Microsoft Surface and Windows Kernel security features.

5. Spoofing Vulnerabilities: Found in Microsoft Outlook and NTLM Hash Disclosure mechanisms.

 

Adobe

Adobe has released seven patches this month, addressing 45 vulnerabilities. The applications in question are:

Adobe InDesign – Priority 3         

Adobe Commerce – Priority 1

Adobe Substance 3D Stager – Priority 3

Adobe InCopy – Priority 3

Adobe Illustrator – Priority 3

Adobe Photoshop Elements – Priority 3

None of these vulnerabilities are known to be currently exploited in the wild. Priority 1 resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Priority 3 is related to a product that has historically not been a target for attackers.

 

Cisco

Cisco has so far released 9 advisories for 30 vulnerabilities in February, with the impact ratings ranging from Medium to Critical. The Critical vulnerability relates to Cisco Identity Services Engine.

 

Red Hat

Updates below are part of Red Hat's ongoing efforts to enhance the security of its platforms and reduce the risk of exploitation:

· The vulnerabilities span various components, including OpenShift, Python-Jinja2, and Podman.

· Notable updates include fixes for OpenShift Container Platform 4.14.46, Firefox, and Buildah.

· Critical vulnerabilities like CVE-2025-1019 and others were addressed in recent advisories.

Red Hat- updates

Updates Released:

· Security advisory RHSA-2025:1330 fixed vulnerabilities in OpenSSL for Red Hat Enterprise Linux 9

 

SUSE

Vulnerabilities Patched:

· Multiple vulnerabilities addressed in SUSE Linux Kernel, including denial of service, elevation of privilege, RCE, and information disclosure flaws59.

· Example: CVE-2024-45016, a netem enqueue failure issue, patched in SUSE Linux Enterprise Live Patching 12-SP55.

 

Ubuntu

Security Notices Published:

· Several vulnerabilities fixed across multiple kernel versions, including CVE-2024-41012, CVE-2024-40982, and CVE-2024-26595, among others.

· Focusing on kernel-level issues affecting low-latency and general-purpose builds.

 

Android/Linux Kernel

Critical Vulnerabilities Fixed:

· CVE-2024-53104: A high-severity out-of-bounds write flaw in the Linux kernel’s UVC driver exploited in the wild. This vulnerability was introduced in kernel version 2.6.26 and resolved in December 2024 but rolled into Android's February patch37.

· Additional fixes for Qualcomm WLAN and other components impacting Android devices.

 

Fortinet

Fortinet has resolved 21 vulnerabilities in February: 3 Critical, 6 High, 9 Medium, and 3 Low severity. The specific vulnerabilities we want to mention, due to their categorisation are:

CVE-2023-42790 (Critical): An Out-of-Bounds Write and Buffer Overflow vulnerability in FortiOS & FortiProxy captive portal allows internal attackers to execute arbitrary code via crafted HTTP requests. CVSS score: 9.8. Immediate patching is advised as it has been exploited.

CVE-2025-24472 (Critical): An Authentication Bypass vulnerability in FortiGate devices enables, allowing attackers to create admin/local user accounts, alter firewall settings, and access gain unauthorized SSLVPN access to the internal network via SSLVPN. It has a CVSS score: 9.7. Prompt patching is necessary due to known exploitation.

 

SAP

SAP has released 19 new Security Notes. Further, there were 2 updates to previously released Security Notes. 6 of these CVEs are rated “High” or “Hot News” (Very High). The products affected by the high to very high rated CVEs are:

· SAP NetWeaver AS Java (User Admin Application)

· SAP BusinessObjects Business Intelligence platform (Central Management Console)

· SAP Supplier Relationship Management

· SAP Enterprise Project Connection

· SAP HANA extended application services

 

Veeam

Veeam has released security updates to address a critical vulnerability (CVE-2025-23114) affecting the Veeam Updater component.

An attacker could exploit this remote code execution vulnerability to perform man-in-the-middle attacks, ultimately executing arbitrary code on the vulnerable device with root privileges.

The vulnerability affects the following products:

· Veeam Backup for Salesforce versions 3.1 and older

· Veeam Backup for Nutanix AHV versions 5.0 and 5.1

· Veeam Backup for AWS versions 6a and 7

· Veeam Backup for Microsoft Azure versions 5a and 6

· Veeam Backup for Google Cloud versions 4 and 5

· Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization versions 3, 4.0 and 4.1

 

Apple

Zero-Day Exploit Fixed:

CVE-2025-24085: a post-release memory usage flaw in CoreMedia, was patched. It allowed attackers to take control of devices via fake media playback apps.

Affected platforms: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.

Devices Impacted: Older models like iPhone XS, iPad Air 3rd gen, and Apple Watch Series 6 were included in the fixes4.

 

As always, users are recommended to install the latest security updates as soon as possible to protect their systems from potential threats.