Cyber Security News

Microsoft January 2025 Patch Tuesday Comes with Fix for 159 Vulnerabilities

Microsoft’s January 2025 Patch Tuesday has arrived with a significant security update, addressing a total of 159 vulnerabilities.

This marks the largest number of CVEs addressed in a single month since at least 2017, more than doubling the usual amount fixed in January.

Out of the 159 CVEs, 11 are classified as critical security flaws. Fortunately, none of these critical vulnerabilities are currently being exploited in the wild.

However, it’s important to note that this situation can change rapidly, as “Patch Tuesday” is often followed by “Exploit Wednesday,” when newly disclosed flaws come under active attack.

Three vulnerabilities rated as important are currently under active exploit:-

  1. CVE-2025-21333
  2. CVE-2025-21334
  3. CVE-2025-21335

These flaws target the Windows Hyper-V NT Kernel Integration component, allowing threat actors to elevate privileges from restricted users to administrator access.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Affected Services and Components

The critical flaws impact various Microsoft services, including:

  • Azure Marketplace (CVE-2025-21380)
  • Visual Studio (CVE-2025-21178)
  • Windows Remote Desktop Services (CVE-2025-21297)

Additionally, the security updates cover a wide range of Microsoft products, features, and roles, such as Active Directory Domain Services, Microsoft Office, Windows Defender, and many others.

The large number of vulnerabilities addressed could potentially signal a trend for increased patch levels throughout 2025.

While the January 2025 Patch Tuesday presents a significant workload for administrators, prompt action in testing and deploying these security updates is crucial to maintain robust system security and mitigate potential threats.

Vulnerabilities Fixed

CVE NumberCVE TitleImpactMax Severity
CVE-2025-21417Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21413Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21411Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21409Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21405Visual Studio Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21403On-Premises Data Gateway Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21402Microsoft Office OneNote Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21395Microsoft Access Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21393Microsoft SharePoint Server Spoofing VulnerabilitySpoofingImportant
CVE-2025-21389Windows upnphost.dll Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21382Windows Graphics Component Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21378Windows CSC Service Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21374Windows CSC Service Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21372Microsoft Brokering File System Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21370Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21366Microsoft Access Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21365Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21364Microsoft Excel Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21363Microsoft Word Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21362Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21361Microsoft Outlook Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21360Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21357Microsoft Outlook Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21356Microsoft Office Visio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21354Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21348Microsoft SharePoint Server Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21346Microsoft Office Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21345Microsoft Office Visio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21344Microsoft SharePoint Server Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21343Windows Web Threat Defense User Service Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21341Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21340Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21339Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21338GDI+ Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21336Windows Cryptographic Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21335Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21334Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21333Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21332MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21331Windows Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21330Windows Remote Desktop Services Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21329MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21328MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21327Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21326Internet Explorer Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21324Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21323Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21321Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21320Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21319Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21318Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21317Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21316Windows Kernel Memory Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21315Microsoft Brokering File System Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21314Windows SmartScreen Spoofing VulnerabilitySpoofingImportant
CVE-2025-21313Windows Security Account Manager (SAM) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21312Windows Smart Card Reader Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21311Windows NTLM V1 Elevation of Privilege VulnerabilityElevation of PrivilegeCritical
CVE-2025-21310Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21309Windows Remote Desktop Services Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21308Windows Themes Spoofing VulnerabilitySpoofingImportant
CVE-2025-21307Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21306Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21305Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21304Microsoft DWM Core Library Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21303Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21302Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21301Windows Geolocation Service Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21300Windows upnphost.dll Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21299Windows Kerberos Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21298Windows OLE Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21297Windows Remote Desktop Services Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21296BranchCache Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21295SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21294Microsoft Digest Authentication Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-21293Active Directory Domain Services Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21292Windows Search Service Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21291Windows Direct Show Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21290Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21289Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21288Windows COM Server Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21287Windows Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21286Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21285Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21284Windows Virtual Trusted Platform Module Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21282Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21281Microsoft COM for Windows Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21280Windows Virtual Trusted Platform Module Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21278Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21277Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21276Windows MapUrlToZone Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21275Windows App Package Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21274Windows Event Tracing Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21273Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21272Windows COM Server Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21271Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21270Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21269Windows HTML Platforms Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21268MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21266Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21265Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21263Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21261Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21260Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21258Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21257Windows WLAN AutoConfig Service Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21256Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21255Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21252Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21251Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21250Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21249Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21248Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21246Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21245Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21244Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21243Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21242Windows Kerberos Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21241Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21240Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21239Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21238Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21237Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21236Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21235Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21234Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21233Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21232Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21231IP Helper Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21230Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21229Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21228Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21227Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21226Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21225Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21224Windows Line Printer Daemon (LPD) Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21223Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21220Microsoft Message Queuing Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21219MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21218Windows Kerberos Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21217Windows NTLM Spoofing VulnerabilitySpoofingImportant
CVE-2025-21215Secure Boot Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21214Windows BitLocker Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21213Secure Boot Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21211Secure Boot Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21210Windows BitLocker Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21207Windows Connected Devices Platform Service (Cdpsvc) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21202Windows Recovery Environment Agent Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21193Active Directory Federation Server Spoofing VulnerabilitySpoofingImportant
CVE-2025-21189MapUrlToZone Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-21187Microsoft Power Automate Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21186Microsoft Access Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21178Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21176.NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21173.NET Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21172.NET and Visual Studio Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21171.NET Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2024-7344Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2024-50338GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-managerInformation DisclosureImportant

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Leave a Comment
Share
Published by
Tushar Subhra
Tags: Cyber Security NewsVulnerability
1 day ago

Recent Posts

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property. Unfortunately,…

2 hours ago

AIRASHI Botnet Exploiting 0DAY Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024…

3 hours ago

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's inception.…

3 hours ago

FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches

The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to develop…

3 hours ago

Thousands of PHP-based Web Applications Exploited to Deploy Malware

A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web applications.…

3 hours ago

W3 Total Cache Plugin Vulnerability Let Attackers Gain Unauthorized Access to Sensitive Data

A significant security vulnerability has been identified in the W3 Total Cache plugin for WordPress,…

6 hours ago