Microsoft issues largest security update in years for Patch Tuesday January 2025, patches 3 critical zero-day vulnerabilities

Written by Dave W. Shanahan

January 15, 2025

Microsoft has released its first Patch Tuesday update of 2025, addressing a staggering 161 security vulnerabilities – the largest number of fixes in a single month since 2017. As reported by Bleeping Computer, the massive update includes security patches for three actively exploited zero-day flaws and multiple critical vulnerabilities that put Windows users at risk.

January 2025 Patch Tuesday security update: 3 critical zero-day exploits

The most pressing concerns are three actively exploited vulnerabilities in Windows Hyper-V (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335), all rated with a severity score of 7.8. These flaws allow attackers to gain SYSTEM-level privileges on affected systems, potentially enabling them to disable security tools or extract credentials to move across enterprise networks.

Scope of vulnerabilities

The January 2025 update addresses:

  • 40 Elevation of Privilege vulnerabilities.
  • 58 Remote Code Execution vulnerabilities.
  • 24 Information Disclosure vulnerabilities.
  • 20 Denial of Service vulnerabilities.
  • 5 Spoofing vulnerabilities.

Microsoft Access vulnerabilities

Three zero-day vulnerabilities in Microsoft Access (CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395) require immediate attention. These flaws could enable remote code execution if an attacker convinces a user to download and run a malicious file through social engineering.

Impact on enterprise systems

Security experts warn that the unprecedented size of this update could signal an “ominous” trend for 2025. The patches affect numerous Microsoft products, including Windows, Office, Azure, SharePoint Server, .NET, Visual Studio, Remote Desktop Services, BitLocker, and the Windows Virtual Trusted Platform Module.

Urgent action required

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the three actively exploited Hyper-V vulnerabilities to its Known Exploited Vulnerabilities catalog, giving federal agencies until February 4 to apply the patches. Security experts strongly advise all system administrators to prioritize these updates, particularly for systems running Hyper-V.


I'm Dave W. Shanahan, a Microsoft enthusiast with a passion for Windows 11, Xbox, Microsoft 365 Copilot, Azure, and more. After OnMSFT.com closed, I started MSFTNewsNow.com to keep the world updated on Microsoft news. Based in Massachusetts, you can find me on Twitter @Dav3Shanahan or email me at davewshanahan@gmail.com.