Microsoft’s Largest Patch Tuesday Since 2017: 161 Vulnerabilities Fixed in January 2025 Update
Microsoft has released its January 2025 Patch Tuesday update, with a total of 161 security vulnerabilities across its software portfolio. This makes it the largest number of CVEs (Common Vulnerabilities and Exposures) addressed in a single month by the company since at least 2017, according to the Zero Day Initiative. The update includes 11 vulnerabilities rated as Critical, 149 rated as Important, three zero-day vulnerabilities actively exploited in the wild, and five publicly known vulnerabilities, as reported by The Hacker News.
The three zero-day vulnerabilities (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) affect the Windows Hyper-V NT Kernel Integration VSP. All three have a CVSS score of 7.8 and could allow an attacker to gain system privileges. Microsoft has confirmed these vulnerabilities are being actively exploited.
Zero-day vulnerabilities are security flaws unknown to the software vendor that remain unpatched at the time of their discovery. They are called “zero-day” because the vendor has had zero days to create and release a fix.
Among the Critical vulnerabilities patched are:
- CVE-2025-21294 (Microsoft Digest Authentication Remote Code Execution Vulnerability),
- CVE-2025-21295 (SPNEGO Extended Negotiation Security Mechanism Remote Code Execution Vulnerability),
- CVE-2025-21298 (Windows Object Linking and Embedding Remote Code Execution Vulnerability),
- CVE-2025-21307 (Windows Reliable Multicast Transport Driver Remote Code Execution Vulnerability) and
- CVE-2025-21311 (Windows NTLM V1 Elevation of Privilege Vulnerability).
Five vulnerabilities were publicly known before the patch release, including three Microsoft Access Remote Code Execution Vulnerabilities (CVE-2025-21186, CVE-2025-21366, CVE-2025-21395), a Windows App Package Installer Elevation of Privilege Vulnerability (CVE-2025-21275), and a Windows Themes Spoofing Vulnerability (CVE-2025-21308).
A Windows BitLocker information disclosure flaw (CVE-2025-21210) was also fixed: an attacker with physical access to a hard disk could recover hibernation images in plain text.
Security experts recommend applying these patches promptly, starting with the zero-day vulnerabilities and the Critical flaws that attackers are currently exploiting.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by Feb. 4, 2025.
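The two preceding paragraphs describe a prioritisation order (exploited zero-days first, then Critical, then publicly disclosed) and a KEV deadline. The following is an added example, not code from the article, Microsoft or CISA, of how a defender can turn that into a triage list by cross-referencing the bulletin's CVEs against the CISA KEV feed. It assumes the KEV record layout (a top-level `vulnerabilities` list whose entries carry `cveID`, `dateAdded` and `dueDate`), which matches CISA's public JSON feed; the feed excerpt embedded here is constructed for offline use, and only the CVE ids and the Feb. 4, 2025 due date come from the article (the `dateAdded` value is a placeholder).

```python
"""Patch Tuesday triage against CISA's Known Exploited Vulnerabilities (KEV) catalog.

Added example; not code from the article, Microsoft or CISA. The KEV feed layout
assumed here (a "vulnerabilities" list with "cveID", "dateAdded", "dueDate") matches
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json.
The excerpt below is CONSTRUCTED for offline use.
"""
import json
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Constructed KEV excerpt: the three zero-days and the Feb. 4, 2025 due date are
# from the article; dateAdded is a placeholder, not a value from the article.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": cve, "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-01-14", "dueDate": "2025-02-04"}
        for cve in ("CVE-2025-21333", "CVE-2025-21334", "CVE-2025-21335")
    ],
})


@dataclass(frozen=True)
class Finding:
    cve: str
    critical: Optional[bool]   # True if the bulletin lists it as Critical; None if not stated
    exploited: bool            # vendor confirms in-the-wild exploitation
    public: bool               # details were public before the patch shipped


# Transcribed from the article: three exploited zero-days, five of the eleven
# Critical fixes it names, and the five publicly disclosed flaws.
BULLETIN: List[Finding] = [
    *(Finding(c, None, True, False)
      for c in ("CVE-2025-21333", "CVE-2025-21334", "CVE-2025-21335")),
    *(Finding(c, True, False, False)
      for c in ("CVE-2025-21294", "CVE-2025-21295", "CVE-2025-21298",
                "CVE-2025-21307", "CVE-2025-21311")),
    *(Finding(c, None, False, True)
      for c in ("CVE-2025-21186", "CVE-2025-21366", "CVE-2025-21395",
                "CVE-2025-21275", "CVE-2025-21308")),
]


def load_kev(raw_json: str) -> Dict[str, date]:
    """Map cveID -> dueDate for every entry in a KEV feed."""
    feed = json.loads(raw_json)
    return {v["cveID"]: date.fromisoformat(v["dueDate"]) for v in feed["vulnerabilities"]}


def tier(f: Finding, kev: Dict[str, date]) -> int:
    """0 = exploited (vendor-confirmed or KEV-listed), 1 = Critical, 2 = public, 3 = rest."""
    if f.exploited or f.cve in kev:
        return 0
    if f.critical:
        return 1
    if f.public:
        return 2
    return 3


def triage(findings: List[Finding], kev: Dict[str, date], today: str) -> List[Tuple[str, int, Optional[int]]]:
    """Return (cve, tier, days_until_kev_due) rows, most urgent first.

    `today` is an ISO date string; days is None for CVEs not in the KEV feed.
    """
    now = date.fromisoformat(today)
    rows = []
    for f in findings:
        due = kev.get(f.cve)
        days = (due - now).days if due else None
        rows.append((f.cve, tier(f, kev), days))
    # Sort by tier, then by soonest KEV deadline (unknown deadlines last), then by id.
    rows.sort(key=lambda r: (r[1], r[2] if r[2] is not None else 10**6, r[0]))
    return rows


def overdue(findings: List[Finding], kev: Dict[str, date], today: str) -> List[str]:
    """CVEs whose KEV due date has already passed on `today`; empty means the deadline is met."""
    return [cve for cve, _, days in triage(findings, kev, today)
            if days is not None and days < 0]


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)
    for cve, t, days in triage(BULLETIN, kev, "2025-01-15"):
        print(f"tier {t}  {cve}  KEV due in: {days if days is not None else '-'} days")
```

In practice the sample feed is replaced by the downloaded KEV JSON, and the bulletin list by the month's release notes; the tier function then gives the order in which to push the cumulative update, and `overdue` is the check to run on the KEV due date.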