Microsoft January 2025 Patch Tuesday - 159 Vulnerabilities Fixed, Including 10 Critical RCE's - CybersecurityNews

Microsoft January 2025 Patch Tuesday: Key Details and Vulnerabilities
On January 14, 2025, Microsoft released its first security update of the year as part of the January 2025 Patch Tuesday, addressing a significant number of vulnerabilities across various Microsoft products.
Number and Types of Vulnerabilities
- The update fixes a total of 159 vulnerabilities, which is one of the largest single-month patches in recent years, exceeding the usual number of fixes seen in January [3][4].
- These vulnerabilities include:
  - Remote Code Execution (RCE) Flaws: 58 vulnerabilities, with 10 classified as Critical RCE vulnerabilities [4].
  - Elevation of Privilege Issues: 40 vulnerabilities.
  - Information Disclosure Vulnerabilities: 24 vulnerabilities.
  - Denial of Service Problems: 20 vulnerabilities.
  - Security Feature Bypass Vulnerabilities: 14 vulnerabilities.
  - Spoofing Vulnerabilities: 5 vulnerabilities [1].
Critical and Actively Exploited Vulnerabilities
- Actively Exploited Zero-Days: Three zero-day vulnerabilities (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) affecting Windows Hyper-V NT Kernel Integration VSP are being actively exploited. These flaws could allow attackers to gain SYSTEM privileges on Windows devices [1].
- Critical RCE Vulnerabilities:
  - Microsoft Excel: CVE-2025-21362 and CVE-2025-21354, allowing remote code execution if a user opens a specially crafted file [4].
  - Windows Remote Desktop Services: CVE-2025-21309 and CVE-2025-21297, enabling remote code execution through maliciously crafted connections or files [4].
  - Windows Reliable Multicast Transport Driver (RMCAST): CVE-2025-21307, allowing remote attackers to execute arbitrary code [4].
  - Windows NTLM V1: CVE-2025-21311, a critical vulnerability that could allow privilege escalation [4].
Other Notable Vulnerabilities
- Windows Themes Spoofing Vulnerability: CVE-2025-21308, discovered by Blaz Satler of 0patch by ACROS Security, which could expose NTLM credentials when users view specially crafted Theme files in Windows Explorer [1].
- Microsoft Access: Three remote code execution vulnerabilities (CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395) have been addressed. As a mitigation measure, Microsoft is now blocking various Access document types (.accdb, .accde, .accdw, .accdt, .accda, .accdr, and .accdu) when received via email [1].
Update Details
- The patches are available for Windows 11 versions 24H2, 23H2, and 22H2, as well as Windows 10 version 22H2. The specific updates are:
  - KB5050009 for Windows 11 version 24H2.
  - KB5050021 for Windows 11 versions 23H2 and 22H2.
  - KB5049981 for Windows 10 version 22H2 [3].
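To confirm that the matching update is present on a given machine, the following PowerShell check is an added example (not from Microsoft or the original article). It uses only the KB numbers listed above; the function names and the status labels are assumptions made for illustration.

```powershell
# KB-to-release mapping taken from the list above.
$ExpectedKb = @{
    'Windows 11 24H2' = 'KB5050009'
    'Windows 11 23H2' = 'KB5050021'
    'Windows 11 22H2' = 'KB5050021'
    'Windows 10 22H2' = 'KB5049981'
}

# Hypothetical helper: build a release label such as "Windows 11 24H2".
function Get-WindowsRelease {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # The list above covers client editions only; skip servers.
    if ($cv.InstallationType -ne 'Client') { return $null }
    # Client builds from 22000 upward are Windows 11, lower builds are Windows 10.
    $family = if ([int]$cv.CurrentBuildNumber -ge 22000) { 'Windows 11' } else { 'Windows 10' }
    "$family $($cv.DisplayVersion)"
}

# Hypothetical helper: report whether the expected January 2025 KB is installed.
function Test-January2025Update {
    $release = Get-WindowsRelease
    $kb = if ($release) { $ExpectedKb[$release] } else { $null }
    $status = 'NotCovered'      # release is not in the list above
    $installedOn = $null
    if ($kb) {
        # Get-HotFix raises an error when the Id is absent; suppress it and test the result.
        $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        if ($hit) {
            $status = 'Installed'
            $installedOn = $hit.InstalledOn
        } else {
            # A later cumulative update can replace this KB in the list, so a miss
            # on a machine patched in later months needs a manual look.
            $status = 'Missing'
        }
    }
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Release     = $release
        ExpectedKB  = $kb
        Status      = $status
        InstalledOn = $installedOn
    }
}

Test-January2025Update
```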
Recommendations
- Microsoft and security agencies such as CISA recommend that users and administrators apply these updates promptly to protect against potential exploitation by cyber threat actors [2][3].
Resources
For detailed information on the vulnerabilities and updates, users can refer to the following resources:
- Microsoft's official security update documentation [5].
- The list of vulnerabilities and their respective CVEs provided by Microsoft and security analysts [1][4].
This update underscores Microsoft's continued focus on security, following their announcement last year that security would be their top priority [3].