Microsoft has released its latest security update, addressing 63 vulnerabilities across its software products. The patch includes fixes for two actively exploited flaws, making this update particularly crucial for system security.

Key Vulnerability Fixes:
– 3 Critical vulnerabilities
– 57 Important vulnerabilities
– 1 Moderate vulnerability
– 2 Low-severity vulnerabilities
– 23 additional fixes for Edge browser

Notable Active Exploits:
1. CVE-2025-21391 (CVSS 7.1): Windows Storage Elevation of Privilege Vulnerability
2. CVE-2025-21418 (CVSS 7.8): Windows Ancillary Function Driver for WinSock Vulnerability

Most Critical Vulnerability:
CVE-2025-21198 (CVSS 9.0): Remote code execution vulnerability in HPC Pack, allowing attackers to execute code through specially crafted HTTPS requests.

Other Significant Issues:
– Windows LDAP RCE vulnerability (CVE-2025-21376, CVSS 8.1)
– NTLMv2 hash disclosure vulnerability (CVE-2025-21377, CVSS 6.5)

The U.S. CISA has added both actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, with a mandatory patch deadline of March 4, 2025, for federal agencies.

Multiple other technology vendors, including Adobe, Apple, Cisco, Google, and Intel, have also released security updates addressing various vulnerabilities in their respective products.