We wish you a great 2025. Here are 161 Security Updates – Krebs on Security

Microsoft today released updates to patch 161 security vulnerabilities in Windows and related software, including three “zero-day” vulnerabilities that are already under active attack. Redmond’s first Patch Tuesday of 2025 includes more fixes than the company has shipped at once since 2017.

Rapid7’s Adam Barnett says January marks the fourth month in a row that Microsoft has published zero-day vulnerabilities on Patch Tuesday without rating any of them as critical at time of publication. Nine remote code execution (RCE) vulnerabilities were also published today.

The Microsoft bugs already under active attack include CVE-2025-21333, CVE-2025-21334 and, you guessed it, CVE-2025-21335. These are sequential because they all reside in Windows Hyper-V, a component that is heavily embedded in modern Windows 11 operating systems and used for security features including Device Guard and Credential Guard.

Tenable’s Satnam Narang says that little is known about the in-the-wild exploitation of these flaws, other than that they are all “privilege escalation” vulnerabilities. Narang said that we often see a lot of elevation of privilege bugs exploited in the wild as zero-days on Patch Tuesday because initial access to a system is not always the challenge for attackers, who have various avenues in their pursuit.

“Like rising privilege bugs, they are used as part of a post-compromise operation, when the attacker has already accessed the target system,” he said. “It’s like if an attacker can get into a secure building, he can access the most secure parts of the facility because he has to show that he has permission. In this case, they are able to trick the system into believing that they should get permission.”

Several of the bugs addressed today received a CVSS (threat rating) score of 9.8 out of a possible 10, including CVE-2025-21298, a vulnerability in Windows that could allow attackers to execute arbitrary code by getting a target to open a malicious .rtf file, a document type usually opened in Office programs such as Microsoft Word. Microsoft has rated the flaw “exploitation more likely.”

Bob Hopkins of Focused Labs called attention to CVE-2025-21311, a “critical” 9.8 bug in Windows NTLMv1 (NT LAN Manager version 1), an older Microsoft authentication protocol still used by many organizations.

“What makes this vulnerability so impactful is the fact that it is remotely exploitable, so attackers can access the vulnerable machine(s) over the Internet, and the attacker does not need significant knowledge or skills to achieve repeatable success with the same payload in any vulnerable part,” Hopkins wrote.

Kev Breen at Immersive points to an interesting bug (CVE-2025-21210) that Microsoft fixed in its full disk encryption suite BitLocker, which the software giant rated “exploitation more likely.” Specifically, this bug means that in some situations the hibernation image created when someone closes the laptop lid while Windows is running may not be fully encrypted and could be recovered in plain text.

“Hibernation images are used when the laptop goes to sleep and contain content that was stored in RAM while the device was idle,” Breen notes. “This presents a major potential impact as RAM can contain sensitive data (such as passwords, credentials and PII) that may have been in open documents or browser sessions and can be recovered by free tools from hibernation files.”

Tenable’s Narang also highlighted three vulnerabilities in Microsoft Access that were fixed this month and credited to Unpatched.ai, an artificial intelligence-assisted security research effort that looks for code vulnerabilities. Tracked as CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395, these are remote code execution bugs that can be exploited if an attacker convinces a target to download and run a malicious file through social engineering. Unpatched.ai was also credited with finding a bug in the December 2024 Patch Tuesday release (CVE-2024-49142).

“Automated vulnerability detection using AI has attracted a lot of attention recently, so it’s remarkable to see this service recognized for finding bugs in Microsoft products,” Narang noted. “It could be the first of many in 2025.”

If you’re a Windows user who has automatic updates turned off and hasn’t updated in a while, it’s probably time to play catch up. Please consider backing up important files and/or the entire hard drive before updating. And if you’re having any problems installing this month’s patch batch, please drop a line in the comments below.

Read more about today’s patches from Microsoft:

Tenable blog

SANS Internet Storm Center

Ask Woody

