Critical Security Updates: Microsoft Jan 2025 Patch Tuesday Fixes 8 Zero-Days & 159 Vulnerabilities
Summary
Microsoft has released its January 2025 Patch Tuesday updates, delivering critical fixes. Key products impacted include Windows Telephony Service, Windows Digital Media, and MSMQ, among others.
Key take away:
- Microsoft addressed 159 vulnerabilities across multiple products, including eight zero-day flaws, with three actively exploited in the January 2025 Patch Tuesday updates.
- Key vulnerabilities include privilege escalation flaws in Hyper-V and remote code execution bugs in Microsoft Excel.
- This marks highest number of fixes in a single month since at least 2017.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-01-14 |
| No. of Vulnerabilities Patched | 159 |
| Actively Exploited | yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Critical updates were issued for Windows Hyper-V, Windows Themes, Microsoft Access, and Windows App Package Installer. The vulnerabilities include elevation of privilege, remote code execution, and spoofing attacks, impacting various systems. The patch targets a range of critical issues across Microsoft products, categorized as follows:
- 58 Remote Code Execution (RCE) Vulnerabilities
- 40 Elevation of Privilege (EoP) Vulnerabilities
- 22 Information Disclosure Vulnerabilities
- 20 Denial of Service (DoS) Vulnerabilities
- 14 Security Feature Bypass
- 5 Spoofing Vulnerabilities
The highlighted vulnerabilities include 8 zero-day flaws, 3 of which are currently being actively exploited.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Elevation of privilege vulnerability | CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows | High | 7.8 |
| Elevation of Privilege Vulnerability | CVE-2025-21275 | Windows | High | 7.8 |
| Remote Code Execution Vulnerability | CVE-2025-21186,CVE-2025-21366, CVE-2025-21395 | Windows | High | 7.8 |
| Spoofing Vulnerability | CVE-2025-21308 | Windows | Medium | 6.5 |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel | No information has been released on how elevation of privilege vulnerabilities in Windows Hyper-V NT Kernel Integration VSP, which allow attackers to gain SYSTEM privileges, were exploited in attacks, as they were disclosed anonymously. | Allow attackers to gain SYSTEM privileges |
| CVE-2025-21275 | Windows App Package Installer | Elevation of privilege vulnerability in the Windows App Package Installer, potentially leading to SYSTEM privileges. | Attackers could gain SYSTEM privileges |
| CVE-2025-21186,CVE-2025-21366, CVE-2025-21395 | Microsoft Access | Remote code execution vulnerabilities in Microsoft Access, exploitable via specially crafted Access documents. | Remote Code Execution |
| CVE-2025-21308 | Windows Themes | Spoofing vulnerability in Windows Themes; viewing a specially crafted theme file in Windows Explorer can lead to NTLM credential theft. | NTLM credential theft |
Source: Microsoft
Additional Critical Patches Address High-Severity Vulnerabilities
- Eight of this month’s patches address Virtual Secure Mode components, requiring administrators to follow Microsoft’s guidance for updating virtualization-based security (VBS) issues. (CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370).
- Windows NTLM V1 Elevation of Privilege Vulnerability (CVE-2025-21311).
- Windows OLE Remote Code Execution Vulnerability (CVE-2025-21298).
Remediation:
- Apply Updates: Immediately install the January 2025 Patch Tuesday updates to address these vulnerabilities.
- Disable NTLM: For CVE-2025-21308, consider disabling NTLM or enabling the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy to mitigate the risk.
- Exercise Caution with Untrusted Files: Avoid opening or interacting with files from untrusted sources, especially those with extensions associated with Microsoft Access.
Conclusion:
The January 2025 Patch Tuesday release addresses critical vulnerabilities that could allow attackers to gain elevated privileges, execute arbitrary code, or steal credentials. Prompt application of these updates is essential to maintain system security. Additionally, implementing recommended mitigations, such as disabling NTLM, can provide further protection against potential exploits.
References:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan
