Microsoft commenced 2025 with a comprehensive update, addressing 161 vulnerabilities in its software as part of its Patch Tuesday initiative, including three actively exploited zero-day flaws.
Among these vulnerabilities, 11 are classified as critical, while 149 are deemed important. Additionally, a flaw in Windows Secure Boot (CVE-2024-7344), lacking an official severity rating, has been patched. According to the Zero Day Initiative, this marks the largest single security patch release since 2017.
Particular attention has been drawn to three vulnerabilities in Windows Hyper-V NT Kernel Integration VSP: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335, each assigned a CVSS score of 7.8 and known to be actively exploited. Microsoft revealed that successful exploitation of these vulnerabilities allows attackers to gain SYSTEM-level privileges. Notably, CISA has added them to its Known Exploited Vulnerabilities (KEV) catalog, mandating U.S. federal agencies to apply the patches by February 4, 2025.
Moreover, five vulnerabilities were disclosed publicly prior to the release of patches, including:
- CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 – Microsoft Access vulnerabilities (RCE, CVSS 7.8);
- CVE-2025-21275 – a privilege escalation vulnerability in Windows App Package Installer;
- CVE-2025-21308 – a flaw in Windows Themes exposing NTLM hashes.
Three of these (Microsoft Access vulnerabilities) were identified by the platform Unpatched.ai. Although classified as RCEs, their exploitation requires users to execute specially crafted files.
The January Patch Tuesday also remedied five critical vulnerabilities, including:
- CVE-2025-21294 – remote code execution via Digest Authentication (CVSS 8.1);
- CVE-2025-21298 – RCE via OLE (CVSS 9.8);
- CVE-2025-21307 – a flaw in the RMCAST driver (CVSS 9.8);
- CVE-2025-21311 – privilege escalation via NTLM V1 (CVSS 9.8).
In one scenario, attackers could send a specially crafted email, where merely viewing the message in Microsoft Outlook could trigger remote code execution.
Among the most significant vulnerabilities are CVE-2025-21295, enabling the execution of malicious code remotely without user interaction, and CVE-2025-21294, linked to a flaw in Digest Authentication.
Another notable threat is CVE-2025-21210, associated with Windows BitLocker. This vulnerability permits attackers with physical access to a device to extract data from hibernation files, increasing the risk of password leakage, exposure of personal information, and other sensitive data breaches.
The constant evolution of cyber threats underscores the critical need for swift responses and timely security updates. In a world where every vulnerability represents a potential entry point for attackers, proactive measures and robust risk management are indispensable for safeguarding data and infrastructure.
