CVE-2025-21391, the zero-day Windows storage flaw, stems from the way Windows resolves file paths and follows links, Walters said. File deletion is just the beginning of the problems it could cause, as it could lead to privilege escalation, unwanted access to security logs or configurations, malware injection, data manipulation, or other attacks.

The latest updates resolve more glitches and security flaws - some critical - in Windows 11 23H2 and 24H2, so you'll want to install them sooner rather than later.

Today is Microsoft' 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks.

Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are ‘critical’.

All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.

The Microsoft Patch Tuesday machine hummed loudly this month fixes for a pair of already-exploited Windows zero-days.

CISOs should make sure that two actively exploited vulnerabilities in Windows are addressed as part of their staff’s February Patch Tuesday efforts.

The second actively exploited zero-day vulnerability is CVE-2025-21418 – another EoP bug, but this time in the Windows Ancillary Function Driver (AFD) for WinSock. It applies to all Windows versions containing the vulnerable AFD.sys driver, including Windows 10, Windows 11, Windows Server 2016 and later, according to Action1 co-founder, Alex Vovk.

Windows 11 update packs a raft of important fixes for nasty audio bugs and an Auto HDR glitch that has been seriously frustrating for gamers.