Welcome to my February 2025 Patch Monday newsletter! We only have one zero day to talk about for the past 30 days and a single priority one update from Adobe.

Let's talk about our zero day first. Apple released updates for both its newer and older devices. iPadOS 17.7.5 and iOS/iPadOS 18.3.1 were released on February 10 to address CVE-2025-24200. This vulnerability allows USB Restricted Mode to be disabled on a locked device. Apple says it is aware that this issue may have been exploited against specifically targeted individuals. Are you one of them? Chances are you are not :), but I recommend you update your device(s) soon.

Next is a rare priority 1 update from Adobe. Adobe released new versions of Commerce, Commerce B2B and Magento Open Source. This update includes an isolated patch for CVE-2025-24434, which affects Commerce and Magento Open Source. Adobe has given this a critical priority 1 rating. You can read their release notes here. According to Adobe, you will want to apply the latest updates as soon as possible.

Google released four version updates for Chrome in the past 30 days, covering 21 security fixes. Of these, 8 are rated as critical, but thankfully there are no reported zero days. So, as usual, make sure Chrome gets restarted so that it can update.

This month's newsletter sponsor, LOGbinder, has just released a new version of Supercharger for Windows Event Collection. I'm mentioning it here because many of you are users and have been asking when the .NET 8 update will be released. You can download the latest update here, or if you have an existing support contract and don't want to fill out the form, just email sales@logbinder.com.

Be sure to browse the chart below and happy patching!

So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.

| Identifier | Vendor/Product | Affected Versions | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| Multiple CVEs | Adobe InDesign | ID20.0 and earlier; ID19.5.1 and earlier | 2/11/2025 | Arbitrary Code Execution, Application DoS, Memory Leak | Critical Priority 3: Update at admin's discretion |
| Multiple CVEs | Adobe Commerce | Commerce/Magento Open Source 2.4.8-beta1, 2.4.7-p3 and earlier, 2.4.6-p8 and earlier, 2.4.5-p10 and earlier, 2.4.4-p11 and earlier; Commerce B2B 1.5.0 and earlier, 1.4.2-p3 and earlier, 1.3.5-p8 and earlier, 1.3.4-p10 and earlier, 1.3.3-p11 and earlier | 2/11/2025 | Arbitrary Code Execution, Privilege Escalation, Security Feature Bypass | Critical Priority 1: Update within 72 hours |
| CVE-2025-21155 | Adobe Substance 3D Stager | 3.1.0 and earlier | 2/11/2025 | Application DoS | Important Priority 3: Update at admin's discretion |
| CVE-2025-21156 | Adobe InCopy | 20.0 and earlier; 19.5.1 and earlier | 2/11/2025 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| Multiple CVEs | Adobe Illustrator | 2025 29.1 and earlier; 2024 28.7.3 and earlier | 2/11/2025 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| CVE-2025-21162 | Adobe Photoshop Elements | 2025.0 [build: 20240918.PSE.cae27345, 20240918.PSE.d3263bae (Mac ARM) | 2/11/2025 | Privilege Escalation | Important Priority 3: Update at admin's discretion |
| CVE-2025-21161 | Adobe Substance 3D Designer | 14.1 and earlier | 2/11/2025 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| CVE-2025-24200 | Apple iOS | iOS/iPadOS before 18.3.1 | 2/10/2025 | Security Feature Bypass | Update ASAP |
| Multiple CVEs | Google Chrome | Before 133.0.6943.126 (Linux); Before 133.0.6943.126/127 (Windows/Mac) | 2/18/2025 | Heap Buffer Overflow, Inappropriate Implementation, Out of Bounds, Use After Free | Update after testing |
| Multiple CVEs | Mozilla Thunderbird | Before 135 | 2/4/2025 | Arbitrary Code Execution, Privacy Leak, Security Feature Bypass, Spoofing, Use After Free | Update after testing |
| Multiple CVEs | Mozilla Thunderbird ESR | Before 128.7 | 2/4/2025 | Arbitrary Code Execution, Memory Corruption, Privacy Leak, Security Feature Bypass, Spoofing, Use After Free | Update after testing |
| Multiple CVEs | Mozilla Firefox | Before 135.0.1 | 2/18/2025 | Arbitrary Code Execution, Memory Corruption, Privacy Leak, Spoofing, Security Feature Bypass, Use After Free | Update after testing |
| Multiple CVEs | Mozilla Firefox ESR | Before 128.7 | 2/4/2025 | Arbitrary Code Execution, Memory Corruption, Privacy Leak, Use After Free | Update after testing |
| CVE-2025-0148 | Zoom Jenkins Marketplace Plugin | Before 1.6 | 2/3/2025 | Information Disclosure | Update after testing |

Thanks as always for reading and best wishes on security,

Randy Franklin Smith

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.