Microsoft released a large-scale update at the beginning of 2025 as part of Patch Tuesday, fixing 161 vulnerabilities in its software, including three actively exploited zero-days. Among these, 11 are classified as critical and 149 as important. The update fixed a vulnerability in Windows Secure Boot (CVE-2024-7344) that has no official severity rating. According to Zero Day Initiative, this update is the largest single security patch release since 2017.
Three vulnerabilities in Windows Hyper-V NT Kernel Integration VSP drew particular attention: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. All three have a CVSS score of 7.8 and are being actively exploited. Microsoft stated that successful exploitation of these vulnerabilities allows attackers to gain SYSTEM privileges. CISA has already added them to its Known Exploited Vulnerabilities (KEV) catalog, requiring US federal agencies to apply patches by February 4, 2025.
Five vulnerabilities were publicly disclosed before patches were released: CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395 in Microsoft Access (RCE, CVSS 7.8), CVE-2025-21275 in Windows App Package Installer, and CVE-2025-21308 in Windows Themes, which discloses NTLM hashes.
The three Microsoft Access vulnerabilities were discovered by the Unpatched.ai platform. Although they are classified as RCE, exploitation requires the user to open a specially crafted file.
The January Patch Tuesday also addressed five critical vulnerabilities, including CVE-2025-21294 (remote code execution through Digest Authentication, CVSS 8.1), CVE-2025-21298 (RCE via OLE, CVSS 9.8), CVE-2025-21307 (a vulnerability in the RMCAST driver, CVSS 9.8), and CVE-2025-21311 (privilege escalation through NTLM v1).
In one attack scenario, an attacker could send a specially crafted email that, when opened in Microsoft Outlook, could lead to remote code execution.