Microsoft’s Patch Tuesday update for January 2025 has addressed a total of 159 vulnerabilities, with a significant focus on eight zero-day vulnerabilities. Among these zero-days, three are currently being actively exploited, raising concerns about the potential impact on systems running Microsoft software.
The three zero-days that are under active attack target Elevation of Privilege vulnerabilities within Windows Hyper-V NT Kernel Integration VSP. These vulnerabilities, reported by an anonymous researcher, could enable attackers to escalate their privileges to gain SYSTEM-level access. The specific details of these attacks remain undisclosed, highlighting the critical nature of the situation.
The vulnerabilities identified as actively exploited are labeled as follows:
– CVE-2025-21333: A Heap-Based Buffer Overflow vulnerability with a severity rating of 7.8
– CVE-2025-21334: A Use After Free vulnerability with a severity rating of 7.8
– CVE-2025-21335: Another Use After Free vulnerability with a severity rating of 7.8
In addition to these actively exploited vulnerabilities, the January 2025 Patch Tuesday update also addresses other zero-day vulnerabilities. These include:
– CVE-2025-21275: A Windows App Package Installer Elevation of Privilege vulnerability rated at 7.8, deemed less likely to be exploited
– CVE-2025-21308: A Windows Themes Spoofing Vulnerability rated at 6.5, affecting systems with NTLM enabled and discovered by Blaz Satler of 0patch by ACROS Security
– CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395: Microsoft Access Remote Code Execution vulnerabilities rated at 7.8, associated with the Unpatched.ai vulnerability discovery platform
Furthermore, the update also addresses 17 vulnerabilities deemed at greater risk for exploit but currently not under active attack, emphasizing the importance of system administrators applying these patches promptly to mitigate potential risks.
Apart from Microsoft, other vendors have also released patches on Patch Tuesday, including Adobe, Fortinet, Ivanti, SAP, SonicWall, and Zyxel. The flurry of patch releases has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to add Hyper-V and Fortinet vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting the urgent need for organizations to secure their systems promptly.
Overall, the January 2025 Patch Tuesday update underscores the critical role of timely patching and ongoing vigilance in maintaining the security posture of systems and networks in the face of evolving cyber threats. Vigilance, proactive patch management, and adherence to best practices are essential to mitigate the risks posed by vulnerabilities and safeguard against potential exploitation by threat actors.