159-CVE January Patch Tuesday smashes single-month record – Sophos News

Microsoft on Tuesday released 159 patches touching 13 product families. Nine of the addressed issues are considered by Microsoft to be of Critical severity, and 43 have a CVSS base score of 8.0 or higher. Three are under active exploit in the wild. One can best be mitigated by “configur[ing] Microsoft Outlook to read all standard mail in plain text.”

The unprecedented patch haul falls mainly to Windows, with 132 patches applicable to the operating system. (132 patches would itself qualify as the third-largest release since 2020.) Within that group, a number of themes emerge – 28 remote-code-execution patches affecting Windows Telephony Services, for instance, or the 17 elevation-of-privilege issues addressed in Windows Digital Media. Eight of the Windows patches are critical-severity, including the OLE-involved Outlook bug noted above. (We’ll look more closely at that situation in a minute.)

At patch time, three important-severity EoP issues, all titled “Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,” are known to be under exploit in the wild, with 17 additional CVEs more likely to be exploited in the next 30 days by the company’s estimation. Two of this month’s issues are amenable to detection by Sophos protections, and we include information on those in a table below.

In addition to these patches, the release includes advisory information on Servicing Stack Updates, as well as information on the month’s single Edge patch (there is also an Internet Explorer patch, as we’ll discuss below) and two issues covered in the release but already mitigated by Microsoft. We are as always including at the end of this post additional appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family; an appendix covering the advisory-style updates; and a breakout of the 130 patches affecting the various Windows Server platforms still in support.

  • Total CVEs: 159
  • Publicly disclosed: 3
  • Exploit detected: 3
  • Severity
    • Critical: 9
    • Important: 150
  • Impact
    • Remote Code Execution: 58
    • Elevation of Privilege: 40
    • Information Disclosure: 22
    • Denial of Service: 20
    • Security Feature Bypass: 14
    • Spoofing: 5
  • CVSS base score 9.0 or greater: 3
  • CVSS base score 8.0 or greater: 40

A bar chart showing the distribution of severities of bugs patched in the January 2025 Patch Tuesday set, as described in the article text

Figure 1: Though RCE continues to rule the roost, a variety of impacts are represented in the first patch haul of the year

Products

  • Windows: 132
  • 365: 13
  • Office: 13
  • Visual Studio: 7
  • .NET: 4
  • Access: 3
  • SharePoint: 3
  • Office for Mac: 2
  • AutoUpdate for Mac: 1
  • Excel: 1
  • Outlook: 1
  • On-Premises Data Gateway: 1
  • Power Automate: 1

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect.

A bar chart showing the distribution of product families affected by bugs patched in the January 2025 Patch Tuesday set, as described in the article text

Figure 2: All but two of January’s Windows patches apply to the server-side OS. As for the rest, Office for Mac gets a single patch all to itself and shares one with other versions of Office

Notable January updates

In addition to the issues discussed above, a number of specific items merit attention.

CVE-2025-21298 — Windows OLE Remote Code Execution Vulnerability

With a CVSS base score of 9.8, this critical-severity issue is already attention-getting, but it’s even more exciting than that. This is an RTF (Rich Text Format) issue, so though it must be corrected in Windows it applies to various products, in particular email. Since the flaw can be triggered in Preview Pane, an attacker deploying this vulnerability would have to do nothing more than send a malicious email to the target; even if the user doesn’t click on anything, simply viewing it is sufficient to set off RCE. Fortunately it’s not yet believed to be under active exploit in the wild – the finders worked with The Zero-Day Initiative to bring it to Microsoft’s attention – but it’s reasonable to assume the clock is ticking. As noted above, the company does indeed recommend that users stick with reading their email in plaintext, and gives the instructions for configuring individual machines to do so in Outlook. Users of other email programs will wish to take note and act accordingly.

CVE-2025-21311 — Windows NTLM V1 Elevation of Privilege Vulnerability

Another 9.8 on CVSS’s scale, this one applies to Microsoft’s most recent offerings (Windows 11 24H2, Server 2022 23H2, Server 2025) and is relatively easy to mitigate by setting LmCompatibilityLevel to its maximum value of 5, thus disallowing usage of the NTLMv1 protocol. That’s good, because the vulnerability is remotely exploitable, requires no particular knowledge of the target system, and has a high success rate.
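
Checking that setting on a host, as an added example (not code from the article or from Microsoft): the script below reads LmCompatibilityLevel under the Lsa registry key, reports what the current level allows, and can raise it to 5. The function names are hypothetical, and treating an absent value as level 3 is an assumption based on the documented default for current Windows releases.

```powershell
# Added example: audit and optionally raise LmCompatibilityLevel, the setting
# the article cites as the mitigation for CVE-2025-21311.

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LmCompatibilityLevel'

# Behaviour of each level, as described for the policy
# "Network security: LAN Manager authentication level".
$LevelMeaning = @{
    0 = 'Send LM and NTLM responses'
    1 = 'Send LM and NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM and NTLM'
}

function Get-LmCompatibilityStatus {
    [CmdletBinding()]
    param([string]$Path = $LsaKey)

    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the OS default applies. Assumed here to be level 3.
        $level    = 3
        $explicit = $false
    } else {
        $level    = [int]$item.$ValueName
        $explicit = $true
    }

    $meaning = $LevelMeaning[$level]
    if ($null -eq $meaning) { $meaning = 'Unknown value; review manually' }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        ExplicitlySet = $explicit
        Level         = $level
        Meaning       = $meaning
        # Only level 5 makes this host refuse NTLMv1 from its peers.
        RefusesNtlmV1 = ($level -eq 5)
    }
}

function Set-LmCompatibilityMax {
    # Requires an elevated session. Supports -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $LsaKey)

    if ($PSCmdlet.ShouldProcess("$Path\$ValueName", 'Set to 5')) {
        New-ItemProperty -Path $Path -Name $ValueName -Value 5 `
            -PropertyType DWord -Force | Out-Null
    }
}

$status = Get-LmCompatibilityStatus
$status | Format-List

if (-not $status.RefusesNtlmV1) {
    Write-Warning "Level $($status.Level) still accepts NTLMv1. Target is 5."
    # Preview the change first; drop -WhatIf to apply it.
    Set-LmCompatibilityMax -WhatIf
}

# Caveats:
#  - If Group Policy manages this setting, a local change is overwritten at
#    the next policy refresh; change the policy instead.
#  - At level 5 the host rejects LM and NTLMv1 authentication, so any client
#    that cannot speak NTLMv2 will fail to authenticate against it.
```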

CVE-2025-21366, CVE-2025-21395, CVE-2025-21186 – all Microsoft Access Remote Code Execution Vulnerability

Continuing this month’s theme of “changes to email functionality that’ll make end users cranky,” the patches for these CVEs all block seven potentially malicious extensions (.accda, .accdb, .accde, .accdr, .accdt, .accdu, .accdw) from being sent via email. Microsoft states that the recipient will get a notification that there was an attachment but that it cannot be accessed. All three issues are RCE aimed at RDP, and all three are already publicly known.

CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370 – various titles

Eight of this month’s patches involve Virtual Secure Mode components, which means that administrators need to follow Microsoft’s guidance for updating virtualization-based security (VBS) issues.

CVE-2025-21343 — Windows Web Threat Defense User Service Information Disclosure Vulnerability

An Important-severity information-disclosure issue, this oddity can, if exploited, allow the attacker to capture screenshots of another user’s session. It’s likewise rather specific in scope, affecting only Windows 11 22H2, 23H2, and 24H2. It was submitted to Microsoft by an uncommon finder, the Australian Signals Directorate.

CVE-2025-21326 — Internet Explorer Remote Code Execution Vulnerability

Seems like old times with a name like that, but this important-severity RCE affects not the browser of yore but Windows Server 2022 23H2 and Windows Server 2025.

A bar chart showing 61 months of overall CVE counts for Microsoft Patch Tuesdays since January 2020; the rightmost bar indicates the numbers for January 2025 and is taller than the rest

Figure 3: This spike at the right edge? There we are

Sophos protections

CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall
CVE-2025-21299 | Exp/2521299-A | Exp/2521299-A
CVE-2025-21362 | sid:2310479 | sid:2310479

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of January patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Remote Code Execution (58 CVEs)

Critical severity
CVE-2025-21178 Visual Studio Remote Code Execution Vulnerability
CVE-2025-21294 Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
Important severity
CVE-2025-21171 .NET Remote Code Execution Vulnerability
CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21187 Microsoft Power Automate Remote Code Execution Vulnerability
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21233 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21236 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21252 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21273 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21282 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21286 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21302 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21305 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21306 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
CVE-2025-21339 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability

Elevation of Privilege (40 CVEs)

Critical severity
CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability
Important severity
CVE-2025-21173 .NET Elevation of Privilege Vulnerability
CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21232 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21249 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21255 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21258 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21265 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21281 Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21310 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21324 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21327 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21331 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21341 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21360 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21372 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21378 Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21382 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21405 Visual Studio Elevation of Privilege Vulnerability

Information Disclosure (22 CVEs)

Important severity
CVE-2024-50338 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21214 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21215 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21220 Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21242 Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21272 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21288 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21301 Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21312 Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21316 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21318 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21319 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21320 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21321 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21323 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21336 Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21343 Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21374 Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21403 On-Premises Data Gateway Information Disclosure Vulnerability

Denial of Service (20 CVEs)

Important severity
CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231 IP Helper Denial of Service Vulnerability
CVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21276 Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21300 Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21313 Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21389 Windows upnphost.dll Denial of Service Vulnerability

Security Feature Bypass (14 CVEs)

Important severity
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21211 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21332 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability

Spoofing (5 CVEs)

Important severity
CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21217 Windows Mark of the Web Spoofing Vulnerability
CVE-2025-21308 Windows Themes Spoofing Vulnerability
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability

Appendix B: Exploitability

This is a list of the January CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited in the wild within the first 30 days post-release. The list is arranged by CVE.

Exploitation detected
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Exploitation more likely within the next 30 days
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability

Appendix C: Products Affected

This is a list of January’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Issues affecting Windows Server are further sorted in Appendix E. Please note that Office for Mac has a standalone entry for CVE-2025-21361, which affects only that platform.

Windows (132 CVEs)

Critical severity
CVE-2025-21294 Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability
Important severity
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21211 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21214 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21215 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21217 Windows Mark of the Web Spoofing Vulnerability
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21220 Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231 IP Helper Denial of Service Vulnerability
CVE-2025-21232 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21233 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21236 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21242 Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21249 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21252 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21255 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21258 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21265 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21272 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21273 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21276 Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21281 Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21282 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21286 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21288 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21300 Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21301 Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21302 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21305 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21306 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21308 Windows Themes Spoofing Vulnerability
CVE-2025-21310 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21312 Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21313 Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21316 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21318 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21319 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21320 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21321 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21323 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21324 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21327 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21331 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21332 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21336 Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
CVE-2025-21339 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21341 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21343 Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21372 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21374 Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21378 Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21382 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21389 Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability

 

365 (13 CVEs)

Important severity
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability

 

Office (13 CVEs)

Important severity
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability

 

Visual Studio (7 CVEs)

Critical severity
CVE-2025-21178 Visual Studio Remote Code Execution Vulnerability
Important severity
CVE-2024-50338 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVE-2025-21171 .NET Remote Code Execution Vulnerability
CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21173 .NET Elevation of Privilege Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21405 Visual Studio Elevation of Privilege Vulnerability

 

.NET (4 CVEs)

Important severity
CVE-2025-21171 .NET Remote Code Execution Vulnerability
CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21173 .NET Elevation of Privilege Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

 

Access (3 CVEs)

Important severity
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability

 

SharePoint (3 CVEs)

Important severity
CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability

Office for Mac (2 CVEs)

Important severity
CVE-2025-21338 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361 GDI+ Remote Code Execution Vulnerability

 

AutoUpdate for Mac (1 CVE)

Important severity
CVE-2025-21360 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

 

Excel (1 CVE)

Important severity
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability

 

Outlook (1 CVE)

Important severity
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability

 

On-Premises Data Gateway (1 CVE)

Important severity
CVE-2025-21403 On-Premises Data Gateway Information Disclosure Vulnerability

 

Power Automate (1 CVE)

Important severity
CVE-2025-21187 Microsoft Power Automate Remote Code Execution Vulnerability

 

 

Appendix D: Advisories and Other Products

This is a list of advisories and information on other relevant CVEs in the January release. The issues addressed in the three CVEs have already been mitigated by Microsoft, but were listed in the release in the interests of transparency.

Microsoft information:

CVE / identifier | Product | Title | Impact | Severity
ADV990001 | | Latest Servicing Stack Updates | |
CVE-2025-21185 | Edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Elevation of Privilege | N/A
CVE-2025-21380 | Marketplace SaaS | Azure Marketplace SaaS Resources Information Disclosure Vulnerability | Information Disclosure | Critical
CVE-2025-21385 | Purview | Microsoft Purview Information Disclosure Vulnerability | Information Disclosure | Critical

 

There are no Adobe advisories in this month’s release.

Appendix E: Affected Windows Server versions

This is a table of CVEs in the January release affecting nine Windows Server versions, 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (e.g., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft.

2008 2008-R2 2012 2012-R2 2016 2019 2022 2022 23H2 2025
CVE-2024-7344 × ×
CVE-2025-21189 × × ×
CVE-2025-21193 × × × ×
CVE-2025-21202 × × × ×
CVE-2025-21207 × × × × ×
CVE-2025-21210
CVE-2025-21211 × ×
CVE-2025-21213 × ×
CVE-2025-21214
CVE-2025-21215
CVE-2025-21217
CVE-2025-21218 × ×
CVE-2025-21219 × × × ×
CVE-2025-21220
CVE-2025-21223
CVE-2025-21224 × × × × × ×
CVE-2025-21225 × × × ×
CVE-2025-21226
CVE-2025-21227
CVE-2025-21228
CVE-2025-21229 × ×
CVE-2025-21230
CVE-2025-21231
CVE-2025-21232
CVE-2025-21233
CVE-2025-21234 × × × × × ×
CVE-2025-21235 × × × × × ×
CVE-2025-21236
CVE-2025-21237
CVE-2025-21238
CVE-2025-21239 × × × ×
CVE-2025-21240
CVE-2025-21241 × × × ×
CVE-2025-21242 ×
CVE-2025-21243
CVE-2025-21244
CVE-2025-21245
CVE-2025-21246
CVE-2025-21248 × × × ×
CVE-2025-21249
CVE-2025-21250
CVE-2025-21251
CVE-2025-21252
CVE-2025-21255
CVE-2025-21256
CVE-2025-21257 × × × ×
CVE-2025-21258
CVE-2025-21260
CVE-2025-21261
CVE-2025-21263
CVE-2025-21265
CVE-2025-21266
CVE-2025-21268
CVE-2025-21269
CVE-2025-21270
CVE-2025-21271 × × × × × × ×
CVE-2025-21272
CVE-2025-21273
CVE-2025-21274 × × ×
CVE-2025-21275 × × × × × ×
CVE-2025-21276
CVE-2025-21277
CVE-2025-21278 × ×
CVE-2025-21280 × × × ×
CVE-2025-21281 × ×
CVE-2025-21282
CVE-2025-21284 × × × ×
CVE-2025-21285
CVE-2025-21286
CVE-2025-21287
CVE-2025-21288
CVE-2025-21289
CVE-2025-21290
CVE-2025-21291 × × × × × ×
CVE-2025-21292 × × × × ×
CVE-2025-21293 × ×
CVE-2025-21294
CVE-2025-21295 ×
CVE-2025-21296 ×
CVE-2025-21297 ×
CVE-2025-21298
CVE-2025-21299 × × × ×
CVE-2025-21300
CVE-2025-21301 × × × ×
CVE-2025-21302
CVE-2025-21303
CVE-2025-21304 × × × × × × ×
CVE-2025-21305
CVE-2025-21306
CVE-2025-21307
CVE-2025-21308 × ×
CVE-2025-21309 × ×
CVE-2025-21310
CVE-2025-21311 × × × × × × ×
CVE-2025-21312 × × ×
CVE-2025-21313 × × × × × × ×
CVE-2025-21314 × × × ×
CVE-2025-21315 × × × × × × ×
CVE-2025-21316 × × ×
CVE-2025-21317 × × × × × ×
CVE-2025-21318 × ×
CVE-2025-21319 ×
CVE-2025-21320
CVE-2025-21321 × ×
CVE-2025-21323 × × × ×
CVE-2025-21324
CVE-2025-21326 × × × × × × ×
CVE-2025-21327
CVE-2025-21328
CVE-2025-21329
CVE-2025-21330 × × × × ×
CVE-2025-21331 ×
CVE-2025-21332
CVE-2025-21333 × × × × × × ×
CVE-2025-21334 × × × × × × ×
CVE-2025-21335 × × × × × × ×
CVE-2025-21336
CVE-2025-21338
CVE-2025-21339
CVE-2025-21340 × × × × ×
CVE-2025-21341
CVE-2025-21343 × × × × × × × × ×
CVE-2025-21370 × × × × × × × × ×
CVE-2025-21372 × × × × × × ×
CVE-2025-21374 × ×
CVE-2025-21378 × ×
CVE-2025-21382 × × × × ×
CVE-2025-21389
CVE-2025-21409
CVE-2025-21411
CVE-2025-21413
CVE-2025-21417

 
