Microsoft has launched its first Patch Tuesday replace of 2025, addressing a staggering 161 security vulnerabilities – the most important variety of fixes in a single month since 2017. As reported by Bleeping Computer, the huge replace contains safety patches for 3 actively exploited zero-day flaws and a number of crucial vulnerabilities that put Windows customers in danger.
January 2025 safety replace Patch Tuesday: 3 crucial zero-day exploits
Essentially the most urgent issues are three actively exploited vulnerabilities in Home windows Hyper-V (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335), all rated with a severity rating of seven.8. These flaws enable attackers to realize SYSTEM-level privileges on affected techniques, doubtlessly enabling them to disable safety instruments or extract credentials to maneuver throughout enterprise networks.
Scope of vulnerabilities
The January 2025 update addresses:
- 40 Elevation of Privilege vulnerabilities.
- 58 Distant Code Execution vulnerabilities.
- 24 Data Disclosure vulnerabilities.
- 20 Denial of Service vulnerabilities.
- 5 Spoofing vulnerabilities.
Microsoft Entry vulnerabilities
Three zero-day vulnerabilities in Microsoft Entry (CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395) require rapid consideration. These flaws might allow distant code execution if an attacker convinces a person to obtain and run a malicious file by social engineering.
Influence on enterprise techniques
Safety specialists warn that the unprecedented dimension of this replace might sign an “ominous” development for 2025. The patches have an effect on quite a few Microsoft merchandise, together with Home windows, Workplace, Azure, SharePoint Server, .NET, Visual Studio, Distant Desktop Providers, BitLocker, and the Home windows Digital Trusted Platform Module.
Pressing motion required
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the three actively exploited Hyper-V vulnerabilities to its Identified Exploited Vulnerabilities catalog, giving federal businesses till February 4 to use the patches. Safety specialists strongly advise all system directors to prioritize these updates, significantly for techniques working Hyper-V.
Associated posts
Uncover extra from Microsoft Information At the moment
Subscribe to get the newest posts despatched to your e mail.
