Windows 10 KB5049981 update released with new BYOVD blocklist
Windows 10 KB5049981 Update and Related Security Enhancements
Overview of the Update
The Windows 10 KB5049981 update, released on January 14, 2025, as part of Microsoft's January 2025 Patch Tuesday, is a mandatory security update. This update does not include new feature additions but focuses on addressing various security vulnerabilities and enhancements124.
Security Fixes and Enhancements
Zero-Day Vulnerabilities and Other Flaws
The KB5049981 update fixes a total of 159 security flaws, including eight zero-day vulnerabilities. One notable fix is for a Windows Theme vulnerability (CVE-2025-21186) that could be exploited by displaying a specially crafted Theme file in Windows Explorer, potentially leading to NTLM credential exposure. This vulnerability was discovered by Blaz Satler with 0patch by ACROS Security2.
Microsoft Access Remote Code Execution Vulnerabilities
The update also addresses three remote code execution vulnerabilities in Microsoft Access (CVE-2025-21366, CVE-2025-21395), which can be exploited when opening specially crafted Microsoft Access documents. To mitigate this, Microsoft has blocked access to certain Microsoft Access file types if they are sent via email2.
Bring Your Own Vulnerable Driver (BYOVD) Attacks
The update includes an important fix for BYOVD attacks by updating the Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b). This update adds to the list of drivers that are at risk for BYOVD attacks, ensuring better protection against such vulnerabilities. This fix is applicable not only to Windows 10 but also to Windows 11 versions34.
Additional Security Measures
NTLM Mitigation
The update mitigates the NTLM vulnerability by recommending the disablement of NTLM or enabling the "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy. This helps prevent the exploitation of NTLM credentials2.
Servicing Stack Updates
While not specific to Windows 10 KB5049981, the January 2025 updates for Windows 11 include servicing stack updates (SSU) that ensure a robust and reliable servicing stack for receiving and installing Microsoft updates. This is relevant as it indicates a broader focus on enhancing the security and stability of the Windows ecosystem3.
Known Issues and Workarounds
OpenSSH Service Issue
Some users may experience issues with the OpenSSH service failing to start after the January 2025 update. This can be temporarily resolved by updating permissions (ACLs) on the affected directories. Microsoft is actively investigating this issue34.
Citrix Components Issue
Devices with certain Citrix components, such as the Citrix Session Recording Agent (SRA) version 2411, may face installation issues with the January 2025 Windows security update. Citrix has documented a workaround for this issue, and Microsoft is working with Citrix to resolve it34.
Download and Installation
The KB5049981 update will automatically download and install on Windows 10 devices. Users can also manually check for the update in the Settings app or download the offline installer from the Microsoft Update Catalog website1.
Conclusion
The Windows 10 KB5049981 update is a critical security update that addresses several significant vulnerabilities, including zero-day exploits and BYOVD attacks. It is part of Microsoft's ongoing efforts to enhance the security and stability of the Windows operating system. Users are advised to ensure their systems are updated to protect against the identified security flaws.
For more detailed information:
