Tech News
Microsoft Released Huge Patch Tuesday Update For January 2025
The Patch Tuesday update for January 2025 from Microsoft is substantial, with over 150 security fixes. It even addresses some actively exploited flaws, requiring prompt system updates from the users.
Microsoft Patch Tuesday January 2025 Overview
Microsoft’s first security updates for this year include several important security fixes addressing serious vulnerabilities. The most noteworthy include the following actively exploited or publicly disclosed vulnerabilities.
- CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 (important; CVSS 7.8): Privilege escalation vulnerabilities in Hyper-V NT Kernel Integration Virtual Service Provider (VSP). An attacker could exploit the flaws to gain SYSTEM privileges on the target device. Microsoft confirmed detecting active exploitation attempts for these vulnerabilities prior to a fix.
- CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 (important; CVSS 7.8): Arbitrary code execution vulnerabilities in Microsoft Access. A remote attacker could exploit these flaws to execute arbitrary codes locally on the target machine. Exploiting the flaw merely required social engineering techniques, such as sending malicious emails, to trick the victim user into downloading or opening a maliciously crafted file. Microsoft confirmed public disclosure of these vulnerabilities before the fix, but the flaws escaped active exploitation.
- CVE-2025-21275 (important; CVSS 7.8): A publicly disclosed privilege escalation vulnerability in Windows App Package Installer allowing SYSTEM privileges to an adversary.
- CVE-2025-21308 (important; CVSS 6.5): A spoofing vulnerability in Windows Themes. While Microsoft urges users to update their systems as soon as possible for this flaw, they even recommended mitigation to prevent the threat – blocking NTLM hash via group policy. Besides, this vulnerability doesn’t affect systems with disabled NTLM.
Alongside these vulnerabilities, Microsoft also addressed 11 critical severity flaws and 140 important severity issues across different products. These include 47 remote code execution, 33 privilege escalation, 19 denial-of-service flaws, 21 information disclosure, 15 security feature bypass flaws, and 4 spoofing vulnerabilities.
While Microsoft ensured the automatic rollout of January 2025 Patch Tuesday updates to eligible devices, users should still check their systems manually for any updates to avoid potential threats.
Let us know your thoughts in the comments.
Blockchain Development for Business: Successful Implementation Cases in 2024-2025
Srinagar’s Jama Masjid shut, police book organisers of procession
MindsEye release date set for June 10th
Nintendo used its new app to announce the ‘Legend of Zelda’ movie release date
Apple TV+ Murderbot Series Release Date, Cast, Plot And News
Winter returns as Winnipeg walloped by spring snowstorm – Winnipeg
151 Short Funny Quotes That Will Make You Laugh (Hilarious and Helpful Stress Relief)
Why Musk, Bezos and Gates all want a piece of Greenland
Marvel Rivals performance bottlenecks are “a very big problem”, agree NetEase, but don’t worry, they’re adding a box
Nvidia’s new rule could help you pick the right gaming laptop. Here’s why
Singapore Airlines CEO set to join board of Air India, BA News, BA
Croatia to reintroduce compulsory military draft as regional tensions soar
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
Bangladesh crisis: Refaat Ahmed sworn in as Bangladesh’s new chief justice
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
15 Best Magnetic Tile Race Tracks for Kids!
15 of the Best Trike & Tricycles Mums Recommend
Have Unlimited Korean Food at MANY Unlimited Topokki!
Satisfy Your Meat and BBQ Cravings While in Texas
Soccer team’s drone at center of Paris Olympics spying scandal
-
Destination6 months agoSingapore Airlines CEO set to join board of Air India, BA News, BA
-
Breaking News7 months agoCroatia to reintroduce compulsory military draft as regional tensions soar
-
Tech News10 months agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Breaking News8 months agoBangladesh crisis: Refaat Ahmed sworn in as Bangladesh’s new chief justice
-
Gaming7 months agoThe Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Toys8 months ago15 Best Magnetic Tile Race Tracks for Kids!
-
Toys10 months ago15 of the Best Trike & Tricycles Mums Recommend
-
Guides & Tips8 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!