Headline
January Microsoft Patch Tuesday
January Microsoft Patch Tuesday. 170 CVEs, 10 of them were added since December MSPT. 3 exploited in the wild: 🔻 EoP – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335). No details yet. No vulnerabilities have public exploits. 5 have private ones: 🔸 Security Feature Bypass – Microsoft Update Catalog (CVE-2024-49147), MapUrlToZone (CVE-2025-21268, CVE-2025-21189)🔸 […]
January Microsoft Patch Tuesday. 170 CVEs, 10 of them were added since December MSPT. 3 exploited in the wild:
🔻 EoP – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335). No details yet.
No vulnerabilities have public exploits. 5 have private ones:
🔸 Security Feature Bypass – Microsoft Update Catalog (CVE-2024-49147), MapUrlToZone (CVE-2025-21268, CVE-2025-21189)
🔸 EoP – Windows Installer (CVE-2025-21287)
🔸 Auth. Bypass – Azure (CVE-2025-21380)
Notable among the rest:
🔹 RCE – Windows OLE (CVE-2025-21298), Windows RMCAST (CVE-2025-21307), Microsoft Office (CVE-2025-21365), Windows Remote Desktop Services (CVE-2025-21297, CVE-2025-21309), NEGOEX (CVE-2025-21295)
🔹 EoP – Windows NTLM V1 (CVE-2025-21311), Windows Search Service (CVE-2025-21292), Windows App Package Installer (CVE-2025-21275)
🔹 Spoofing – Windows Themes (CVE-2025-21308)
🗒 Full Vulristics report
На русском
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Related news
New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists. Now with a new design and new video editing. 😉 📹 Video on YouTube and LinkedIn🗞 Post on Habr (rus)🗒 Digest on the PT website Content: 🔻 00:00 Greetings 🔻 00:23 Remote Code Execution – Windows […]
About Elevation of Privilege – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) vulnerability. These three vulnerabilities were disclosed as part of Microsoft’s January Patch Tuesday and share the same description. They were found in a component used for communications between the host OS and container-type virtual machines, such as Windows Sandbox and Microsoft […]
About Remote Code Execution – Windows OLE (CVE-2025-21298) vulnerability. The vulnerability is from the January Microsoft Patch Tuesday. OLE (Object Linking and Embedding) is a technology for linking and embedding objects into other documents and objects, developed by Microsoft. A common use of this technology is embedding an Excel table in a Word document. What […]
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”