Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws – BleepingComputer
Today is Microsoft’s January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks.

This Patch Tuesday also fixes twelve “Critical”
vulnerabilities, including information disclosure, privilege elevation, and remote code execution flaws.

The number of bugs in each vulnerability category is listed below:

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5050009 & KB5050021 cumulative updates and the Windows 10 KB5048652 cumulative update.

This month’s Patch Tuesday fixes three actively exploited and five publicly exposed zero-day vulnerabilities.

Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.

The actively exploited zero-day vulnerabilities in today’s updates are:

CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 – Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Microsoft has fixed three elevation of privilege vulnerabilities in Windows Hyper-V that were exploited in attacks to gain SYSTEM privileges on Windows devices.

No information has been released as to how these flaws were exploited in attacks, and all three are listed as having been disclosed anonymously.

As the CVEs for these three vulnerabilities are sequential and for the same feature, they were all likely discovered through, or used in, the same attacks.

The publicly disclosed zero-days are:

CVE-2025-21275 – Windows App Package Installer Elevation of Privilege Vulnerability

Microsoft fixed an elevation of privilege flaw in the Windows App Package Installer that could lead to SYSTEM privileges.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft’s advisory.

The vulnerability was submitted anonymously to Microsoft.

CVE-2025-21308 – Windows Themes Spoofing Vulnerability

Microsoft fixed a Windows Theme vulnerability that could be exploited simply by displaying a specially crafted Theme file in Windows Explorer.

“An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an
enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file,” explains Microsoft’s advisory.

The flaw, a bypass of a previous flaw tracked as CVE-2024-38030, was discovered by Blaz Satler with 0patch by ACROS Security. 0patch previously released micropatches for this flaw in October, while waiting for Microsoft to fix it.

When a Theme file is viewed in Windows Explorer and utilizes BrandImage and Wallpaper options that specify a network file path, Windows automatically sends authentication requests to the remote host, including the logged-in user’s NTLM credentials.

These NTLM hashes can then be cracked to get the plain-text password or used in pass-the-hash attacks.

Microsoft says the flaw is mitigated if NTLM is disabled or the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy is enabled.

CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 – Microsoft Access Remote Code Execution Vulnerability

Microsoft fixed three remote code execution vulnerabilities in Microsoft Access that are exploited when opening specially crafted Microsoft Access documents.

Microsoft has mitigated this issue by blocking access to the following Microsoft Access documents if they were sent via email:

What makes this interesting is that Unpatched.ai, an AI-assisted vulnerability discovery platform, has discovered all three flaws.

Other vendors who released updates or advisories in January 2025 include:

Below is the complete list of resolved vulnerabilities in the January 2025 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.
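A defensive check for the Theme file behaviour described under CVE-2025-21308, added here as an example and not taken from the article, Microsoft or 0patch: it scans the text of a .theme file for BrandImage or Wallpaper values that point at a network host. The sample file, host names and function names are constructed for illustration, and matching the two keys in any section is an assumption.

```python
import re

# Options the article names as triggering the automatic authentication request.
WATCHED_KEYS = {"brandimage", "wallpaper"}

# Constructed sample for illustration; the host name is a placeholder.
SAMPLE_THEME = r"""
[Theme]
DisplayName=Constructed sample
BrandImage=\\fileserver.example\share\brand.png

[Control Panel\Desktop]
Wallpaper=%SystemRoot%\web\wallpaper\Windows\img0.jpg
"""

def remote_host(value):
    """Return the host if value is a UNC or file:// network path, else None."""
    v = value.strip().strip('"').replace("/", "\\")
    if v.lower().startswith("file:"):
        v = v[5:]
    m = re.match(r"\\\\([^\\]+)\\(.*)", v)
    if not m:
        return None
    host, rest = m.group(1), m.group(2)
    if host in ("?", "."):  # device prefix: remote only in the \\?\UNC\host\ form
        m = re.match(r"UNC\\([^\\]+)\\", rest, re.IGNORECASE)
        return m.group(1) if m else None
    return host

def scan_theme(text):
    """Return (section, key, host) for each watched key set to a network path."""
    findings, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in WATCHED_KEYS:
            host = remote_host(value)
            if host:
                findings.append((section, key.strip(), host))
    return findings

if __name__ == "__main__":
    for section, key, host in scan_theme(SAMPLE_THEME):
        print(f"[{section}] {key} references remote host {host}")
```

A hit means the file would cause an outbound authentication attempt on an unpatched system, which is the traffic the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy blocks.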