The Patch Tuesday replace for January 2025 from Microsoft is substantial, with over 150 safety fixes. It even addresses some actively exploited flaws, requiring immediate system updates from the customers.
Microsoft Patch Tuesday January 2025 Overview
Microsoft’s first safety updates for this 12 months embrace a number of necessary safety fixes addressing critical vulnerabilities. Probably the most noteworthy embrace the next actively exploited or publicly disclosed vulnerabilities.
- CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 (necessary; CVSS 7.8): Privilege escalation vulnerabilities in Hyper-V NT Kernel Integration Digital Service Supplier (VSP). An attacker might exploit the issues to achieve SYSTEM privileges on the goal gadget. Microsoft confirmed detecting lively exploitation makes an attempt for these vulnerabilities previous to a repair.
- CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 (necessary; CVSS 7.8): Arbitrary code execution vulnerabilities in Microsoft Entry. A distant attacker might exploit these flaws to execute arbitrary codes domestically on the goal machine. Exploiting the flaw merely required social engineering strategies, similar to sending malicious emails, to trick the sufferer consumer into downloading or opening a maliciously crafted file. Microsoft confirmed public disclosure of those vulnerabilities earlier than the repair, however the flaws escaped lively exploitation.
- CVE-2025-21275 (necessary; CVSS 7.8): A publicly disclosed privilege escalation vulnerability in Home windows App Bundle Installer permitting SYSTEM privileges to an adversary.
- CVE-2025-21308 (necessary; CVSS 6.5): A spoofing vulnerability in Home windows Themes. Whereas Microsoft urges customers to replace their techniques as quickly as attainable for this flaw, they even really useful mitigation to forestall the menace – blocking NTLM hash through group coverage. Moreover, this vulnerability doesn’t have an effect on techniques with disabled NTLM.
Alongside these vulnerabilities, Microsoft additionally addressed 11 vital severity flaws and 140 necessary severity points throughout totally different merchandise. These embrace 47 distant code execution, 33 privilege escalation, 19 denial-of-service flaws, 21 data disclosure, 15 safety characteristic bypass flaws, and 4 spoofing vulnerabilities.
Whereas Microsoft ensured the automated rollout of January 2025 Patch Tuesday updates to eligible gadgets, customers ought to nonetheless test their techniques manually for any updates to keep away from potential threats.
Tell us your ideas within the feedback.