Next event
ITCON 2025 Meer info
Logo
Next event
ITCON 2025 Meer info
Logo
Home Patch Tuesday Januari 2025

Patch Tuesday Januari 2025

 Patch Tuesday - January 2025  comes with fixes for 159 vulnerabilities, including 8 zero-days 

Patch Manager Plus | January 15, 2025 |5 min read

Welcome to the first Patch Tuesday of the year! Let's see what new surprises and challenges await us. This year, there are 159 vulnerabilities, eight of which are zero-days. Three of these zero-days are currently being actively exploited.

In this article, we’ll first review this month’s updates and offer the option to schedule a session with a CBA Benelux consultant for a free Patch Tuesday web session, where the consultant will discuss the updates in detail.

 

 Patch Tuesday januari 2024 

Security updates lineup

Here is a breakdown of the vulnerabilities fixed this month:

 

CVE IDs: 159

 

Republished CVE IDs: 2 (more details on this below)

 

Security updates were released for the following products, features, and roles:

 

  • .NET

  • .NET and Visual Studio

  • .NET, .NET Framework, Visual Studio

  • Active Directory Domain Services

  • Active Directory Federation Services

  • Azure Marketplace SaaS Resources

  • BranchCache

  • Internet Explorer

  • IP Helper

  • Line Printer Daemon Service (LPD)

  • Microsoft AutoUpdate (MAU)

  • Microsoft Azure Gateway Manager

  • Microsoft Brokering File System

  • Microsoft Digest Authentication

  • Microsoft Graphics Component

  • Microsoft Office

  • Microsoft Office Access

  • Microsoft Office Excel

  • Microsoft Office OneNote

  • Microsoft Office Outlook

  • Microsoft Office Outlook for Mac

  • Microsoft Office SharePoint

  • Microsoft Office Visio

  • Microsoft Office Word

  • Microsoft Purview

  • Microsoft Windows Search Component

  • Power Automate

  • Reliable Multicast Transport Driver (RMCAST)

  • Visual Studio

  • Windows BitLocker

  • Windows Boot Loader

  • Windows Boot Manager

  • Windows Client-Side Caching (CSC) Service

  • Windows Cloud Files Mini Filter Driver

  • Windows COM

  • Windows Connected Devices Platform Service

  • Windows Cryptographic Services

  • Windows Digital Media

  • Windows Direct Show

  • Windows DWM Core Library

  • Windows Event Tracing

  • Windows Geolocation Service

  • Windows Hello

  • Windows Hyper-V NT Kernel Integration VSP

  • Windows Installer

  • Windows Kerberos

  • Windows Kernel Memory

  • Windows MapUrlToZone

  • Windows Message Queuing

  • Windows NTLM

  • Windows OLE

  • Windows PrintWorkflowUserSvc

  • Windows Recovery Environment Agent

  • Windows Remote Desktop Services

  • Windows Secure Boot

  • Windows Security Account Manager

  • Windows Smart Card

  • Windows SmartScreen

  • Windows SPNEGO Extended Negotiation

  • Windows Telephony Service

  • Windows Themes

  • Windows UPnP Device Host

  • Windows Virtual Trusted Platform Module

  • Windows Virtualization-Based Security (VBS) Enclave

  • Windows Web Threat Defense User Service

  • Windows Win32K – GRFX

  • Windows WLAN Auto Config Service

 

Learn more in the MSRC’s release notes.

 

 Details of the zero-day vulnerabilities 

CVE-2025-21333, CVE-2025-21334, CVE-2025-21335

Vulnerable component: Windows Hyper-V NT Kernel Integration VSP

 

Impact: Elevation of privilege

 

CVSS 3.1: 7.8

 

These vulnerabilities allow attackers to execute arbitrary code with elevated privileges on affected systems. Per Microsoft, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

 

While these vulnerabilities are being actively exploited, these haven’t been publicly disclosed before.

 

CVE-2025-21186,  CVE-2025-21366, CVE-2025-21395

Vulnerable component: Microsoft Access

 

Impact: Remote Code Execution

 

CVSS 3.1: 7.8

 

As of now, the vulnerabilities have been publicly disclosed, but there have been no recorded instances of exploitation. The updates released potentially block certain types of malicious extensions from being sent via email. The extensions are:

 

  • accdb

  • accde

  • accdw

  • accdt

  • accda

  • accdr

  • accdu

 

 

Vulnerable component: Windows Themes

 

Impact: Spoofing

 

CVSS 3.1: 6.5

 

Microsoft states, “An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.”

 

As for the mitigation, Windows systems that have NTLM disabled in them are not affected by the vulnerability, while the other systems need to block the NTLM hash by applying an existing Group Policy, for which details can be found here.

 

 

Vulnerable component: Windows App Package Installer

 

Impact: Elevation of Privilege

 

CVSS 3.1: 7.8

 

This vulnerability has also been publicly disclosed, yet no instances of active exploitation have been noted. Microsoft has stated that the attackers can gain SYSTEM privileges by exploiting the vulnerability.

 

 Republished CVE IDs 

Besides the vulnerabilities fixed in this month’s Patch Tuesday, Microsoft has also republished two CVE IDs. These are as follows:

 

 

 

Some third-party vendors such as Adobe, Cisco, SAP, Fortinet, and Ivanti have also released updates this January.

With Endpoint Central, Patch Manager Plus, or Vulnerability Manager Plus, you can fully automate the entire patch management process, from testing patches to deploying them. You can also tailor the patch tasks to fit your current needs.

Want hands-on experience with one of these products? Try a free 30-day trial and keep thousands of applications patched and secure.

Want to learn more about the Patch Tuesday updates? Contact us for a free Patch Tuesday session, where we thoroughly discuss the updates and provide in-depth analysis. During this session, you'll have the opportunity to ask our experts questions and get answers to all your Patch Tuesday-related inquiries.