Tech News
Microsoft Released Huge Patch Tuesday Update For January 2025
The Patch Tuesday update for January 2025 from Microsoft is substantial, with over 150 security fixes. It even addresses some actively exploited flaws, requiring prompt system updates from the users.
Microsoft Patch Tuesday January 2025 Overview
Microsoft’s first security updates for this year include several important security fixes addressing serious vulnerabilities. The most noteworthy include the following actively exploited or publicly disclosed vulnerabilities.
- CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 (important; CVSS 7.8): Privilege escalation vulnerabilities in Hyper-V NT Kernel Integration Virtual Service Provider (VSP). An attacker could exploit the flaws to gain SYSTEM privileges on the target device. Microsoft confirmed detecting active exploitation attempts for these vulnerabilities prior to a fix.
- CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 (important; CVSS 7.8): Arbitrary code execution vulnerabilities in Microsoft Access. A remote attacker could exploit these flaws to execute arbitrary codes locally on the target machine. Exploiting the flaw merely required social engineering techniques, such as sending malicious emails, to trick the victim user into downloading or opening a maliciously crafted file. Microsoft confirmed public disclosure of these vulnerabilities before the fix, but the flaws escaped active exploitation.
- CVE-2025-21275 (important; CVSS 7.8): A publicly disclosed privilege escalation vulnerability in Windows App Package Installer allowing SYSTEM privileges to an adversary.
- CVE-2025-21308 (important; CVSS 6.5): A spoofing vulnerability in Windows Themes. While Microsoft urges users to update their systems as soon as possible for this flaw, they even recommended mitigation to prevent the threat – blocking NTLM hash via group policy. Besides, this vulnerability doesn’t affect systems with disabled NTLM.
Alongside these vulnerabilities, Microsoft also addressed 11 critical severity flaws and 140 important severity issues across different products. These include 47 remote code execution, 33 privilege escalation, 19 denial-of-service flaws, 21 information disclosure, 15 security feature bypass flaws, and 4 spoofing vulnerabilities.
While Microsoft ensured the automatic rollout of January 2025 Patch Tuesday updates to eligible devices, users should still check their systems manually for any updates to avoid potential threats.
Let us know your thoughts in the comments.
Portrait of Palestinian boy who lost both arms in Israeli strike wins World Press Photo 2025
Following a weekend of tariff tension, Japanese video game industry sees stock price tumble – Sony, Nintendo, Capcom and more impacted
Watch from the passenger seat as the new Porsche 911 GT3 sets a record at the Nürburgring
Withings ScanWatch Nova Brilliant Review: Beauty and the Heartbeat
‘For our physical safety’: Why some Americans are looking for asylum in Canada – New Brunswick
Indian aviation set to fly youngest fleet and reduce emissions by 2028, BA
Imposter Syndrome Is Rooted in Your Past But Here’s How You Can Rewire It
Recruiter stunned by job seeker’s ‘red flag’ question
A “special livestream” for FBC: Firebreak is set for 24th April
OpenAI pursued Cursor maker before entering into talks to buy Windsurf for $3B
Singapore Airlines CEO set to join board of Air India, BA News, BA
Croatia to reintroduce compulsory military draft as regional tensions soar
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
Bangladesh crisis: Refaat Ahmed sworn in as Bangladesh’s new chief justice
Have Unlimited Korean Food at MANY Unlimited Topokki!
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
15 of the Best Trike & Tricycles Mums Recommend
Soccer team’s drone at center of Paris Olympics spying scandal
Satisfy Your Meat and BBQ Cravings While in Texas
15 Best Magnetic Tile Race Tracks for Kids!
-
Destination7 months agoSingapore Airlines CEO set to join board of Air India, BA News, BA
-
Breaking News8 months agoCroatia to reintroduce compulsory military draft as regional tensions soar
-
Tech News11 months agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Breaking News8 months agoBangladesh crisis: Refaat Ahmed sworn in as Bangladesh’s new chief justice
-
Guides & Tips9 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Gaming8 months agoThe Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Toys10 months ago15 of the Best Trike & Tricycles Mums Recommend
-
Tech News9 months agoSoccer team’s drone at center of Paris Olympics spying scandal