Technology

Microsoft January 2025 Patch Tuesday – 159 Vulnerabilities Fixed, Including 10 Critical RCE’s

Microsoft released a security as part of the Junuray Patch Tuesday that addressed 159 vulnerabilities, including 10 classified as critical Remote Code Execution (RCE) vulnerabilities. These fixes are crucial for securing Windows operating systems and related software against potential exploitation. Key Highlights of December 2024 Patch Tuesday Updates: Microsoft Patches 3 Zero-Day Vulnerabilities in January […] The post Microsoft January 2025 Patch Tuesday – 159 Vulnerabilities Fixed, Including 10 Critical RCE’s appeared first on Cyber Security News.

Jan 14, 2025 - 20:13
 0
Microsoft January 2025 Patch Tuesday – 159 Vulnerabilities Fixed, Including 10 Critical RCE’s

Microsoft released a security as part of the Junuray Patch Tuesday that addressed 159 vulnerabilities, including 10 classified as critical Remote Code Execution (RCE) vulnerabilities. These fixes are crucial for securing Windows operating systems and related software against potential exploitation.

Key Highlights of December 2024 Patch Tuesday Updates:

  1. CVE-2025-21362 & CVE-2025-21354: Both involve vulnerabilities in Microsoft Excel that allow remote code execution if a user opens a specially crafted file. These are critical as they could enable attackers to execute arbitrary code with user privileges.
  2. CVE-2025-21311: A critical vulnerability in Windows NTLM V1 that could allow privilege escalation, potentially giving attackers higher access levels on the system.
  3. CVE-2025-21309 & CVE-2025-21297: Both relate to vulnerabilities in Windows Remote Desktop Services, enabling remote code execution through maliciously crafted connections or files.
  4. CVE-2025-21307: Affects the Reliable Multicast Transport Driver (RMCAST), allowing remote attackers to execute arbitrary code.
  5. CVE-2025-21298 & CVE-2025-21296: These involve vulnerabilities in Windows OLE and BranchCache, respectively, which could permit remote code execution via crafted inputs.
  6. CVE-2025-21295 & CVE-2025-21294: Both are critical remote code execution vulnerabilities affecting authentication mechanisms (SPNEGO and Digest Authentication), which could compromise system integrity.

Microsoft Patches 3 Zero-Day Vulnerabilities in January 2025 Security Update

Microsoft has released its January 2025 Patch Tuesday updates, addressing numerous security vulnerabilities, including three critical zero-day flaws that were publicly disclosed and actively exploited.

The updates, aimed at improving the security of Windows and related software, fix issues ranging from privilege escalation to remote code execution and spoofing vulnerabilities. Below are the key details about the zero-day vulnerabilities that were patched:

CVE-2025-21275: Windows App Package Installer Elevation of Privilege Vulnerability

A critical elevation of privilege (EoP) vulnerability identified as CVE-2025-21275 has been fixed in the Windows App Package Installer. This flaw allows an attacker to gain SYSTEM-level privileges on a compromised device. Microsoft acknowledged that an attacker who successfully exploits this vulnerability could take complete control of the affected system.

This vulnerability was reported to Microsoft anonymously. While no specific details about ongoing exploitation have been disclosed, flaws like these are often sought after by attackers aiming to escalate access privileges.

CVE-2025-21308: Windows Themes Spoofing Vulnerability

Another concerning zero-day, tracked as CVE-2025-21308, was found in Windows Themes functionality. This spoofing vulnerability could be triggered merely by displaying a specially crafted Theme file in Windows Explorer.

Unlike many other attacks, users do not necessarily need to open or click on the malicious file—simply loading it in Windows Explorer could exploit the flaw.

The exploit works by leveraging the BrandImage and Wallpaper options in Theme files to specify a network file path.

When Windows Explorer processes these files, it automatically sends the logged-in user’s NTLM credentials to the remote host specified in the Theme file. Attackers can use these NTLM hashes to either crack the plain-text password or execute pass-the-hash attacks.

Steps to Mitigate CVE-2025-21308

Microsoft advises users to disable NTLM or enable the security policy “Restrict NTLM: Outgoing NTLM traffic to remote servers” to mitigate the risk of this vulnerability.

The flaw was discovered by Blaz Satler of 0patch at ACROS Security and is a bypass of a previous vulnerability (CVE-2024-38030). Notably, 0patch had already released micropatches for this flaw in October 2024 while awaiting Microsoft’s official fix.

Microsoft Access Vulnerabilities: CVE-2025-21186, CVE-2025-21366, CVE-2025-21395

Three remote code execution (RCE) vulnerabilities in Microsoft Access, tracked as CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395, have been addressed. These flaws could be exploited by attackers to execute malicious code simply by tricking a victim into opening specially crafted Microsoft Access documents.

The vulnerabilities highlight the importance of avoiding untrusted files and having security solutions in place that can detect suspicious activity in office productivity tools.

Microsoft’s January 2025 Patch Tuesday emphasizes the ever-present risk of zero-day vulnerabilities in widely used software. Users are urged to apply updates immediately to protect their devices from potential exploitation.

Beyond installing updates, organizations should consider implementing additional mitigations, such as disabling NTLM for enterprise networks or using policies to restrict the use of vulnerable protocols.

Microsoft January 2025 Patch Tuesday

CVE NumberCVE TitleImpactMax Severity
CVE-2025-21417Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21413Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21411Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21409Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21405Visual Studio Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21403On-Premises Data Gateway Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21402Microsoft Office OneNote Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21395Microsoft Access Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21393Microsoft SharePoint Server Spoofing VulnerabilitySpoofingImportant
CVE-2025-21389Windows upnphost.dll Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21382Windows Graphics Component Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21378Windows CSC Service Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21374Windows CSC Service Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21372Microsoft Brokering File System Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21370Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21366Microsoft Access Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21365Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21364Microsoft Excel Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21363Microsoft Word Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21362Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21361Microsoft Outlook Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21360Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21357Microsoft Outlook Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21356Microsoft Office Visio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21354Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21348Microsoft SharePoint Server Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21346Microsoft Office Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21345Microsoft Office Visio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21344Microsoft SharePoint Server Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21343Windows Web Threat Defense User Service Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21341Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21340Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21339Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21338GDI+ Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21336Windows Cryptographic Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21335Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21334Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21333Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21332MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21331Windows Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21330Windows Remote Desktop Services Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21329MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21328MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21327Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21326Internet Explorer Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21324Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21323Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21321Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21320Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21319Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21318Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21317Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21316Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21315Microsoft Brokering File System Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21314Windows SmartScreen Spoofing VulnerabilitySpoofingImportant
CVE-2025-21313Windows Security Account Manager (SAM) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21312Windows Smart Card Reader Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21311Windows NTLM V1 Elevation of Privilege VulnerabilityElevation of PrivilegeCritical
CVE-2025-21310Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21309Windows Remote Desktop Services Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21308Windows Themes Spoofing VulnerabilitySpoofingImportant
CVE-2025-21307Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21306Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21305Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21304Microsoft DWM Core Library Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21303Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21302Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21301Windows Geolocation Service Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21300Windows upnphost.dll Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21299Windows Kerberos Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21298Windows OLE Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21297Windows Remote Desktop Services Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21296BranchCache Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21295SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21294Microsoft Digest Authentication Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21293Active Directory Domain Services Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21292Windows Search Service Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21291Windows Direct Show Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21290Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21289Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21288Windows COM Server Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21287Windows Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21286Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21285Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21284Windows Virtual Trusted Platform Module Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21282Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21281Microsoft COM for Windows Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21280Windows Virtual Trusted Platform Module Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21278Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21277Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21276Windows MapUrlToZone Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21275Windows App Package Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21274Windows Event Tracing Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21273Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21272Windows COM Server Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21271Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21270Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21269Windows HTML Platforms Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21268MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21266Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21265Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21263Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21261Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21260Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21258Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21257Windows WLAN AutoConfig Service Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21256Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21255Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21252Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21251Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21250Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21249Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21248Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21246Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21245Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21244Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21243Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21242Windows Kerberos Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21241Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21240Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21239Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21238Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21237Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21236Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21235Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21234Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21233Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21232Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21231IP Helper Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21230Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21229Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21228Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21227Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21226Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21225Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21224Windows Line Printer Daemon (LPD) Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21223Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21220Microsoft Message Queuing Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21219MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21218Windows Kerberos Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21217Windows NTLM Spoofing VulnerabilitySpoofingImportant
CVE-2025-21215Secure Boot Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21214Windows BitLocker Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21213Secure Boot Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21211Secure Boot Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21210Windows BitLocker Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21207Windows Connected Devices Platform Service (Cdpsvc) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21202Windows Recovery Environment Agent Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21193Active Directory Federation Server Spoofing VulnerabilitySpoofingImportant
CVE-2025-21189MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21187Microsoft Power Automate Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21186Microsoft Access Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21178Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21176.NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21173.NET Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21172.NET and Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21171.NET Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2024-7344Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2024-50338GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-managerInformation DisclosureImportant

Microsoft has published a complete list of patched vulnerabilities, which provides detailed information about the exploitation methods, vulnerability descriptions, and other information. 

All users should update their products to the latest version to prevent threat actors from exploiting these vulnerabilities.

The post Microsoft January 2025 Patch Tuesday – 159 Vulnerabilities Fixed, Including 10 Critical RCE’s appeared first on Cyber Security News.

Read More

Tags:

Previous Article

Static and Dynamic Attention: Implications for Graph Neural Networks

Next Article

Highlights: Boulter digs deep to see off Marino and progress to second round

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

Related Posts

Arm & Hammer? Rumored royalty hike by Arm could hammer Samsung's Exynos dream

Arm & Hammer? Rumored royalty hike by Arm could hammer ...

Jan 16, 2025  0

Here's your first look at the Samsung Galaxy S25 Slim

Here's your first look at the Samsung Galaxy S25 Slim

Jan 15, 2025  0

Google Is Testing AI-Powered Permission Management in Chrome

Google Is Testing AI-Powered Permission Management in C...

Jan 15, 2025  0