Tech News
Microsoft Released Huge Patch Tuesday Update For January 2025
The Patch Tuesday update for January 2025 from Microsoft is substantial, with over 150 security fixes. It even addresses some actively exploited flaws, requiring prompt system updates from the users.
Microsoft Patch Tuesday January 2025 Overview
Microsoft’s first security updates for this year include several important security fixes addressing serious vulnerabilities. The most noteworthy include the following actively exploited or publicly disclosed vulnerabilities.
- CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 (important; CVSS 7.8): Privilege escalation vulnerabilities in Hyper-V NT Kernel Integration Virtual Service Provider (VSP). An attacker could exploit the flaws to gain SYSTEM privileges on the target device. Microsoft confirmed detecting active exploitation attempts for these vulnerabilities prior to a fix.
- CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 (important; CVSS 7.8): Arbitrary code execution vulnerabilities in Microsoft Access. A remote attacker could exploit these flaws to execute arbitrary codes locally on the target machine. Exploiting the flaw merely required social engineering techniques, such as sending malicious emails, to trick the victim user into downloading or opening a maliciously crafted file. Microsoft confirmed public disclosure of these vulnerabilities before the fix, but the flaws escaped active exploitation.
- CVE-2025-21275 (important; CVSS 7.8): A publicly disclosed privilege escalation vulnerability in Windows App Package Installer allowing SYSTEM privileges to an adversary.
- CVE-2025-21308 (important; CVSS 6.5): A spoofing vulnerability in Windows Themes. While Microsoft urges users to update their systems as soon as possible for this flaw, they even recommended mitigation to prevent the threat – blocking NTLM hash via group policy. Besides, this vulnerability doesn’t affect systems with disabled NTLM.
Alongside these vulnerabilities, Microsoft also addressed 11 critical severity flaws and 140 important severity issues across different products. These include 47 remote code execution, 33 privilege escalation, 19 denial-of-service flaws, 21 information disclosure, 15 security feature bypass flaws, and 4 spoofing vulnerabilities.
While Microsoft ensured the automatic rollout of January 2025 Patch Tuesday updates to eligible devices, users should still check their systems manually for any updates to avoid potential threats.
Let us know your thoughts in the comments.
5 Amazing Benefits Of Stacking Toy
Nordic founders are taking bigger swings, and it’s paying off
5 Apps To Speed Up Your Google TV Device
Trump threatens ABC News for reporter’s questions on his family business in Saudi Arabia, Khashoggi’s murder and Epstein files
The Best Sunglasses for Travel + Must Have Accessories » Local Adventurer » Travel Adventures in Las Vegas + World Wide
This Silent Habit Might Be Sabotaging Your Career
The Four Types of Happiness: Which One Are You Living In?
Halloween Events in London 2025
Join the peaceful demonstrations for democracy
Cute and Thankful Sayings for the People You Love
Croatia to reintroduce compulsory military draft as regional tensions soar
Singapore Airlines CEO set to join board of Air India, BA News, BA
Supernatural Season 16 Revival News, Cast, Plot and Release Date
How Your Contact Center Can Become A Customer Engagement Center
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
Google Pixel 9 Pro vs Samsung Galaxy S25 Ultra: Camera Comparison Review
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
Fallout Season 2 Potential Release Date, Cast, Plot and News
15 of the Best Trike & Tricycles Mums Recommend
17 Signs You Travel A Lot
-
Breaking News2 years agoCroatia to reintroduce compulsory military draft as regional tensions soar
-
Destination1 year agoSingapore Airlines CEO set to join board of Air India, BA News, BA
-
Gadgets1 year agoSupernatural Season 16 Revival News, Cast, Plot and Release Date
-
Productivity2 years agoHow Your Contact Center Can Become A Customer Engagement Center
-
Tech News2 years agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Gadgets10 months agoGoogle Pixel 9 Pro vs Samsung Galaxy S25 Ultra: Camera Comparison Review
-
Gaming2 years agoThe Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Gadgets10 months agoFallout Season 2 Potential Release Date, Cast, Plot and News