Microsoft’s Patch Tuesday update for January 2025 patches 159 vulnerabilities, including eight zero-days, three of which are being actively exploited.
The Microsoft January 2025 Patch Tuesday release note designated 17 of the 159 vulnerabilities as “exploitation more likely,” in addition to the three marked “exploitation detected.”
Hyper-V Vulnerabilities Under Attack
There is little information on the three Elevation of Privilege vulnerabilities under active attack, which affect Windows Hyper-V NT Kernel Integration VSP. The researcher who reported the vulnerabilities remains anonymous. Attackers who successfully exploit the vulnerability could gain SYSTEM privileges, Microsoft noted.
The three vulnerabilities are:
CVE-2025-21333: A 7.8-severity Heap-Based Buffer Overflow vulnerability
CVE-2025-21334: A 7.8-severity Use After Free vulnerability
CVE-2025-21335: A 7.8-severity Use After Free vulnerability
Other Zero-Days in January 2025 Patch Tuesday
The other zero-days in the January 2025 Patch Tuesday update include:
CVE-2025-21275: A 7.8-severity Windows App Package Installer Elevation of Privilege vulnerability that Microsoft has judged “less likely” to be exploited.
CVE-2025-21308: A 6.5-rated Windows Themes Spoofing Vulnerability that affects systems with NTLM enabled. Microsoft credits Blaz Satler of 0patch by ACROS Security for the find. Microsoft notes that “An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.”
CVE-2025-21186, CVE-2025-21366 and CVE-2025-21395 are 7.8-severity Microsoft Access Remote Code Execution vulnerabilities that Microsoft judges to be at lower risk of exploit. What may be most noteworthy about the vulnerabilities is that they’re attributed to the Unpatched.ai vulnerability discovery platform.
Other High-Risk Microsoft Vulnerabilities
The 17 vulnerabilities at greater risk for exploit but not under active attack include:
- CVE-2025-21189, CVE-2025-21219, CVE-2025-21268, CVE-2025-21328 and CVE-2025-21329: all are 4.3-severity MapUrlToZone Security Feature Bypass vulnerabilities
- CVE-2025-21210: a 4.2-severity Windows BitLocker Information Disclosure vulnerability
- CVE-2025-21269: a 4.3-rated Windows HTML Platforms Security Feature Bypass vulnerability
- CVE-2025-21292: an 8.8-severity Windows Search Service Elevation of Privilege vulnerability
- CVE-2025-21298: a 9.8-severity Windows OLE Remote Code Execution vulnerability
- CVE-2025-21299: a 7.1-rated Windows Kerberos Security Feature Bypass vulnerability
- CVE-2025-21309: an 8.1-rated Windows Remote Desktop Services Remote Code Execution vulnerability
- CVE-2025-21314: A 6.5-severity Windows SmartScreen Spoofing vulnerability
- CVE-2025-21315: A 7.8-rated Microsoft Brokering File System Elevation of Privilege vulnerability
- CVE-2025-21354, CVE-2025-21362 and CVE-2025-21365: 7.8-severity Microsoft Excel Remote Code Execution vulnerabilities
- CVE-2025-21364: a 7.8-rated Microsoft Excel Security Feature Bypass vulnerability.
Other Patch Tuesday Releases: Fortinet, Ivanti and More
Patch Tuesday isn’t limited to Microsoft, as the second Tuesday of each month also sees patch releases from many other vendors.
Some of the other noteworthy updates coming out today include patches from Adobe, Fortinet, Ivanti, SAP, SonicWall and Zyxel.
The blizzard of patch releases kept CISA busy too, as the agency added Hyper-V and Fortinet (CVE-2024-55591) vulnerabilities to its Known Exploited Vulnerabilities catalog.
