Microsoft has rolled out its January 2025 Patch Tuesday update, addressing 159 security vulnerabilities, including eight zero-day exploits, with three actively exploited in cyberattacks.
This update also patches twelve critical vulnerabilities, covering security risks like privilege escalation, information disclosure, and remote code execution.
Breakdown of Vulnerabilities in This Month’s Update
The security fixes span multiple categories, including:
- 40 Elevation of Privilege Vulnerabilities
- 14 Security Feature Bypass Vulnerabilities
- 58 Remote Code Execution Vulnerabilities
- 24 Information Disclosure Vulnerabilities
- 20 Denial of Service Vulnerabilities
- 5 Spoofing Vulnerabilities
For details on non-security-related updates, refer to our coverage on the Windows 11 KB5050009 & KB5050021 cumulative updates and the Windows 10 KB5048652 cumulative update.
Three Actively Exploited Zero-Day Vulnerabilities Fixed
This month’s Patch Tuesday resolves three zero-day vulnerabilities that were actively exploited, along with five additional publicly disclosed zero-days.
What is a Zero-Day Vulnerability?
Microsoft categorizes a zero-day exploit as a security flaw that has been publicly disclosed or actively exploited without an official patch available at the time.
Details on the Actively Exploited Zero-Day Flaws
Microsoft has patched three privilege escalation vulnerabilities in Windows Hyper-V, which attackers used to obtain SYSTEM privileges on Windows devices.
While no specific details on how these vulnerabilities were exploited have been shared, all three were disclosed anonymously. Their sequential CVE identifiers suggest they may have been discovered through the same attack vector.
Publicly Disclosed Zero-Day Vulnerabilities
CVE-2025-21275 – Windows App Package Installer Privilege Escalation
Microsoft has addressed a privilege escalation vulnerability in the Windows App Package Installer, which could allow attackers to gain SYSTEM privileges. This flaw was submitted to Microsoft anonymously.
CVE-2025-21308 – Windows Themes Spoofing Vulnerability
A Windows Theme spoofing vulnerability has been patched, which could be exploited simply by viewing a specially crafted Theme file in Windows Explorer.
According to Microsoft’s advisory, attackers could lure users into loading a malicious file via email or instant messaging. This flaw is a bypass of a previously tracked vulnerability (CVE-2024-38030) and was discovered by Blaz Satler of 0patch by ACROS Security.
When a vulnerable Theme file is previewed in Windows Explorer, it automatically sends NTLM authentication requests to a remote host, potentially exposing the user’s NTLM credentials. These credentials could be cracked to reveal the plaintext password or used in pass-the-hash attacks.
Mitigation Measures for CVE-2025-21308
Microsoft advises organizations to disable NTLM authentication or enable the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy to mitigate this threat.
Why This Update Matters for Cybersecurity
With cyber threats evolving rapidly, timely Patch Tuesday updates are crucial for mitigating security risks and protecting sensitive data. Businesses and individuals are urged to install these updates immediately to safeguard their systems against potential cyberattacks.
For the latest insights on cybersecurity, vulnerability patches, and Microsoft updates, stay tuned to our blog.
Microsoft Addresses Three Critical Microsoft Access RCE Vulnerabilities in January 2025 Patch Tuesday
Microsoft has patched three remote code execution (RCE) vulnerabilities in Microsoft Access, tracked as CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395. These security flaws are exploited when users open specially crafted Microsoft Access files, potentially allowing attackers to execute arbitrary code on the system.
To mitigate this risk, Microsoft has blocked access to the following Microsoft Access file types when sent via email:
- .accdb
- .accde
- .accdw
- .accdt
- .accda
- .accdr
- .accdu
A notable aspect of these vulnerabilities is that Unpatched.ai, an AI-powered vulnerability detection platform, was responsible for discovering all three flaws.
Security Updates from Other Major Companies (January 2025)
In addition to Microsoft, several other tech companies have rolled out security patches to address various vulnerabilities:
Adobe
- Released updates for Photoshop, Substance3D Stager & Designer, Adobe Illustrator for iPad, and Adobe Animate to patch critical security flaws.
Cisco
- Published security updates for Cisco ThousandEyes Endpoint Agent and Cisco Crosswork Network Controller to address vulnerabilities.
Ivanti
- Patched a zero-day vulnerability in Connect Secure, which had been exploited in targeted attacks to deploy custom malware.
Fortinet
- Fixed an authentication bypass zero-day vulnerability in FortiOS and FortiProxy, which had been actively exploited since November 2024.
GitHub
- Released security updates for two critical vulnerabilities in Git.
Moxa
- Addressed high-severity and critical vulnerabilities in industrial networking and communication devices.
ProjectDiscovery
- Released patches for a Nuclei vulnerability, originally discovered in September 2024, that allowed malicious templates to bypass signature verification.
SAP
- Released security updates for multiple products, including patches for two critical (9.9/10) vulnerabilities in SAP NetWeaver.
SonicWall
- Fixed an authentication bypass vulnerability in SSL VPN and SSH management, which was at risk of active exploitation.
Zyxel
- Released patches for an improper privilege management vulnerability in its web management interface.
source: bleepingcomputer
