Pierluigi Paganini
January 15, 2025
Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities in Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server, .NET and Visual Studio, Azure, BitLocker, Remote Desktop Services, and Windows Virtual Trusted Platform Module.
11 of these vulnerabilities are rated Critical, and the other are rated Important in severity. ZDI researchers pointed out that this is the largest number of vulnerabilities addressed in by Microsoft montly security updates since 2017.
Five vulnerabilities are publicly known, while three flaws in Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335, CVSS scores of 7.8) are actively exploited in the wild.
These three flaws are Elevation of Privilege issues in Hyper-V, authenticated users can exploit them to execute code with SYSTEM privileges.
Another interesting issue addressed with the release of Patch Tuesday security updates is a Windows OLE Remote Code Execution Vulnerability tracked as CVE-2025-21298 (CVSS score of 9.8).
A remote attacker can exploit the vulnerability to execute code on a target system by sending a specially crafted mail to an affected system with Outlook. The experts explained that the preview pane is not an attack vector, but previewing an attachment could trigger the code execution. The flaw is related the RTF files parsing.
A lack of validation of user-supplied data causes memory corruption. Experts to install the patch immediately, however mitigation includes reading mail in Outlook as plain text.
Microsoft also fixed a couple of Windows Remote Desktop Services Remote Code Execution issues tracked as CVE-2025-21297/CVE-2025-21309. Both vulnerabilities allow remote, unauthenticated attackers to execute arbitrary code by triggering a race condition. Exploitation requires no user interaction.
The full list of vulnerabilities addressed by Microsoft with Microsoft Patch Tuesday security updates for January 2025 is available here.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Microsoft Patch Tuesday)
