Microsoft January 2025 Patch Tuesday

10/2025

Critical

January 15, 2025

1:48 pm

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed eight zero-day vulnerabilities with three actively exploited in attacks.

Microsoft has fixed (161) vulnerabilities, with (3) classified as critical as they could allow the attacker to conduct spoofing attacks, perform denial of service attacks, gain elevated privileges, obtain sensitive information, or execute arbitrary code and gain access to the affected systems.

January’s Patch Tuesday was released to fix security flaws in several Microsoft products such as .NET, Visual Studio, Active Directory Domain Services, Internet Explorer, Microsoft AutoUpdate (MAU), Microsoft Brokering File System, Microsoft Digest Authentication, Microsoft Graphics Component, Windows BitLocker, Windows Boot Manager, Windows Connected Devices Platform Service, Windows Hyper-V NT Kernel Integration VSP, Windows Kerberos, Windows Kernel Memory, Windows NTLM, Windows Remote Desktop Services, Microsoft Purview, Windows WLAN Auto Config Service, Microsoft Office, Windows Client-Side Caching (CSC) Service.

The actively exploited zero-day vulnerabilities in January’s Patch are:

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities “CVE-2025-21333, CVE-2025-21334, CVE-2025-21335” allow the attackers to gain SYSTEM privileges on Windows devices.

The publicly disclosed zero-days are:

Windows App Package Installer Elevation of Privilege Vulnerability “CVE-2025- 21275” allows attackers to gain SYSTEM privileges on Windows devices.
Windows Themes Spoofing Vulnerability “CVE-2025-21308” allows the attacker to convince the user to load a malicious file onto a vulnerable system, typically through an enticement in an Email or Instant Messenger message.
Microsoft Access Remote Code Execution Vulnerabilities “CVE-2025-21186, CVE-2025-21366, CVE-2025-21395” allows the attacker to execute remote code by opening specially crafted Microsoft Access documents.

Sample of the addressed vulnerabilities:

1. Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2025-21307):

CVSS: 9.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Consequences: Gain Access

2. Microsoft Purview Information Disclosure Vulnerability (CVE-2025-21385):

CVSS: 8.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Consequences: Obtain Information

Vulnerabilities

Microsoft MSRC

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Microsoft MSRC

References

Microsoft MSRC

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.