Microsoft’s January 2025 Patch Tuesday addresses a total of 159 vulnerabilities, including eight zero-day flaws, with three being actively exploited in the wild. This month’s update also fixes twelve critical vulnerabilities across several categories, such as information disclosure, elevation of privilege, and remote code execution (RCE).
Breakdown of Vulnerabilities
The vulnerabilities addressed this month are categorized as follows:
- 40 Elevation of Privilege vulnerabilities
- 14 Security Feature Bypass vulnerabilities
- 58 Remote Code Execution (RCE) vulnerabilities
- 24 Information Disclosure vulnerabilities
- 20 Denial of Service (DoS) vulnerabilities
- 5 Spoofing vulnerabilities
Additional details on non-security updates can be found in our articles on the Windows 11 KB5050009 & KB5050021 cumulative updates and the Windows 10 KB5048652 cumulative update.
Zero-Day Vulnerabilities
This month’s Patch Tuesday resolves eight zero-day vulnerabilities, with three actively exploited and five publicly disclosed:
Actively Exploited Zero-Days
CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Affects: Windows Hyper-V These vulnerabilities allow attackers to gain SYSTEM privileges on Windows devices. The flaws were disclosed anonymously, and while specific exploitation details are unavailable, the sequential CVE numbers suggest they were found in related attacks. Each vulnerability affects how the Hyper-V NT Kernel Integration VSP handles privilege elevation, making them critical targets for attackers.
Publicly Disclosed Zero-Days
CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability
Affects: Windows App Package Installer This vulnerability can be exploited to gain SYSTEM privileges, posing significant risks for environments where App Package Installer is used. Disclosed anonymously, this flaw underscores the importance of patching immediately to mitigate potential privilege escalation attacks.
CVE-2025-21308 | Windows Themes Spoofing Vulnerability
Affects: Windows Themes This vulnerability allows attackers to exploit Windows Theme files by convincing users to load malicious files. When the file is viewed in Windows Explorer, it may send the logged-in user’s NTLM credentials to a remote host. Mitigations include disabling NTLM or enabling the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy.
CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability
Affects: Microsoft Access These vulnerabilities are exploited by opening specially crafted Microsoft Access documents. To mitigate this risk, Microsoft has blocked certain Access file types when sent via email.
Vendor Updates: Adobe, Cisco, Ivanti, and More
Adobe: Security updates were released for Photoshop, Substance3D Stager and Designer, Adobe Illustrator for iPad, and Adobe Animate.
Cisco: Multiple products, including Cisco ThousandEyes Endpoint Agent and Cisco Crosswork Network Controller, received critical patches.
Ivanti: Addressed a Connect Secure flaw that had been exploited to deploy custom malware.
Fortinet: Released a patch for an authentication bypass zero-day vulnerability in FortiOS and FortiProxy, which had been exploited since November.
Recommendations for Users and Administrators
Given the critical nature of the vulnerabilities addressed in January 2025 Patch Tuesday, it is imperative that users and administrators apply these updates promptly. Prioritizing patches for actively exploited zero-days and other critical flaws will help mitigate the risk of exploitation. For comprehensive guidance, refer to Microsoft’s security documentation or consult your IT security team.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
