The Patch Tuesday replace for January 2025 from Microsoft is substantial, with over 150 safety fixes. It even addresses some actively exploited flaws, requiring immediate system updates from the customers.
Microsoft Patch Tuesday January 2025 Overview
Microsoft’s first safety updates for this yr embrace a number of essential safety fixes addressing critical vulnerabilities. Essentially the most noteworthy embrace the next actively exploited or publicly disclosed vulnerabilities.
- CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 (essential; CVSS 7.8): Privilege escalation vulnerabilities in Hyper-V NT Kernel Integration Digital Service Supplier (VSP). An attacker might exploit the failings to realize SYSTEM privileges on the goal gadget. Microsoft confirmed detecting lively exploitation makes an attempt for these vulnerabilities previous to a repair.
- CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 (essential; CVSS 7.8): Arbitrary code execution vulnerabilities in Microsoft Entry. A distant attacker might exploit these flaws to execute arbitrary codes domestically on the goal machine. Exploiting the flaw merely required social engineering methods, akin to sending malicious emails, to trick the sufferer consumer into downloading or opening a maliciously crafted file. Microsoft confirmed public disclosure of those vulnerabilities earlier than the repair, however the flaws escaped lively exploitation.
- CVE-2025-21275 (essential; CVSS 7.8): A publicly disclosed privilege escalation vulnerability in Home windows App Package deal Installer permitting SYSTEM privileges to an adversary.
- CVE-2025-21308 (essential; CVSS 6.5): A spoofing vulnerability in Home windows Themes. Whereas Microsoft urges customers to replace their programs as quickly as potential for this flaw, they even advisable mitigation to stop the menace – blocking NTLM hash through group coverage. In addition to, this vulnerability doesn’t have an effect on programs with disabled NTLM.
Alongside these vulnerabilities, Microsoft additionally addressed 11 vital severity flaws and 140 essential severity points throughout totally different merchandise. These embrace 47 distant code execution, 33 privilege escalation, 19 denial-of-service flaws, 21 info disclosure, 15 safety function bypass flaws, and 4 spoofing vulnerabilities.
Whereas Microsoft ensured the automated rollout of January 2025 Patch Tuesday updates to eligible gadgets, customers ought to nonetheless examine their programs manually for any updates to keep away from potential threats.
Tell us your ideas within the feedback.
