Microsoft January 2025 Patch Tuesday: Fixing 8 Zero-Days and 159 Vulnerabilities

Microsoft January 2025 Patch Tuesday: Fixing 8 Zero-Days and 159 Vulnerabilities

Microsoft has kicked off 2025 with a significant Patch Tuesday release, addressing a record-breaking number of security vulnerabilities. With updates for 159 flaws, including eight zero-day vulnerabilities—three of which are actively exploited in the wild—this month’s updates underscore the importance of maintaining a robust cybersecurity posture.

A Record-Setting Patch Tuesday

The January 2025 Patch Tuesday marks the largest number of vulnerabilities addressed in a single month since at least 2017. The updates span a variety of critical areas, from elevation of privilege to remote code execution. The breakdown of vulnerabilities by category is as follows:

40 Elevation of Privilege Vulnerabilities

14 Security Feature Bypass Vulnerabilities

58 Remote Code Execution Vulnerabilities

24 Information Disclosure Vulnerabilities

20 Denial of Service Vulnerabilities

5 Spoofing Vulnerabilities

Among these, Microsoft has classified twelve vulnerabilities as “Critical,” including several that pose significant risks of privilege escalation, information disclosure, and remote code execution.

Highlighting the Zero-Day Vulnerabilities

Zero-day vulnerabilities are particularly concerning because they are either publicly disclosed or actively exploited before a patch is available. This month’s update addresses eight such flaws, three of which were actively exploited in attacks:

1. Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

These three vulnerabilities, all linked to Windows Hyper-V, allowed attackers to gain SYSTEM privileges on Windows devices. By exploiting these flaws, malicious actors could significantly escalate their access level, creating opportunities for further compromise within affected systems.

2. Windows App Package Installer Elevation of Privilege Vulnerability (CVE-2025-21275)

This vulnerability in the Windows App Package Installer could allow attackers to gain SYSTEM privileges. SYSTEM privileges provide extensive access to a device, enabling attackers to manipulate data, install malicious programs, and even create new administrative accounts.

3. Windows Themes Spoofing Vulnerability (CVE-2025-21308)

Exploiting this flaw involves using a specially crafted Windows Theme file. When such a file is displayed in Windows Explorer, it triggers authentication requests to a remote host, including the user’s NTLM credentials. These credentials can then be cracked or used in pass-the-hash attacks. This vulnerability highlights the risks associated with NTLM authentication, emphasizing the importance of disabling NTLM or enabling the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy.

Addressing Remote Code Execution Vulnerabilities

Among the 58 remote code execution vulnerabilities fixed this month, three in Microsoft Access stand out due to their discovery by Unpatched.ai, an AI-driven vulnerability discovery platform:

Microsoft Access Remote Code Execution Vulnerabilities (CVE-2025-21186, CVE-2025-21366, CVE-2025-21395)

These vulnerabilities are triggered when specially crafted Microsoft Access documents are opened. To mitigate the risks, Microsoft has blocked access to the following document types when sent via email:

.accdb

.accde

.accdw

.accdt

.accda

.accdr

.accdu

This proactive measure prevents the execution of malicious code embedded in Access files and demonstrates the value of AI in uncovering complex vulnerabilities.

Microsoft Windows Reliable Multicast Transport Driver (RMCAST) RCE Vulnerability (CVE-2025-21307)

This vulnerability could allow an unauthenticated attacker to execute code on a vulnerable system by sending specially crafted packets to a Pragmatic General Multicast (PGM) open socket. The attack requires no user interaction but is only exploitable if a program is actively listening on a PGM port. To mitigate risks, Microsoft advises:

Protecting access to open ports at the network level using firewalls.

Avoiding exposure of PGM receivers to the public internet.

Installing the latest updates (KB5050021).

Windows 11 Updates

As part of this month’s Patch Tuesday, Microsoft also released cumulative updates for Windows 11 versions 24H2 and 23H2:

Update Details

Windows 11 24H2 (KB5050009): Build number updated to 26100.2605.

Windows 11 23H2 (KB5050021): Build number updated to 226×1.4602.

These updates are mandatory, addressing critical vulnerabilities identified in previous months. Windows 11 users are urged to install the updates promptly to ensure their systems remain secure.

How to Install the Updates

To install the updates, users can:

Navigate to Start > Settings > Windows Update.

Click on Check for Updates.

Alternatively, the updates can be manually downloaded and installed from the Microsoft Update Catalog.

Best Practices for Staying Secure

Given the scope and severity of the vulnerabilities addressed in this month’s Patch Tuesday, it’s crucial to implement best practices for system security:

  1. Apply Updates Immediately
  • Delaying updates leaves systems vulnerable to exploitation. Automate updates wherever possible to ensure timely patching.

2. Disable NTLM Authentication

  • NTLM vulnerabilities remain a significant attack vector. Disable NTLM authentication or restrict outgoing NTLM traffic to remote servers.

3. Limit Exposure of Network Ports

  • Use firewalls to restrict access to sensitive network ports. Avoid exposing services like PGM to the public internet.

4. Educate Users

Many attacks rely on user interaction. Conduct regular training to educate users about phishing scams, malicious attachments, and suspicious files.

5. Use Security Tools

  • Deploy endpoint detection and response (EDR) solutions to monitor and mitigate threats proactively.

The Role of AI in Cybersecurity

The discovery of vulnerabilities by platforms like Unpatched.ai highlights the growing role of artificial intelligence in identifying and addressing security risks. AI tools can analyze vast amounts of data, identify anomalies, and uncover vulnerabilities faster than traditional methods, enhancing the overall security landscape.

Closing Summary

Microsoft’s January 2025 Patch Tuesday addresses a staggering 159 vulnerabilities, including eight zero-days, reinforcing the importance of proactive patch management. By applying updates, implementing security best practices, and leveraging advanced technologies like AI, organizations can mitigate risks and safeguard their digital environments.

Related posts:

  1. Automating Python Uninstallation with PowerShell
  2. Mitigate Dell supportAssist Privilege Escalation vulnerability
  3. Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
  4. Internet Shortcut Files Security Feature Bypass Vulnerability
  5. Jenkins Core Remote Code Execution Vulnerability (CVE-2024-23897)
  6. How to Fix Weak SSL/TLS Key Exchange vulnerability (Diffie-Hellman)
  7. Birthday attacks against TLS ciphers with 64bit (Sweet32)
  8. [Solved] Windows Speculative Execution Configuration Check Vulnerabilities
  9. [Solved] CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
  10. [Solved] CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top