Microsoft released the January 2025 Patch Tuesday updates on January 14, 2025, focusing on addressing critical security vulnerabilities across various Microsoft products. This update cycle includes security patches, improvements, and bug fixes, but no new features were introduced this month.
Key Updates
- Windows 11 (KB5050009): This update is for Windows 11 version 24H2. It includes several bug fixes and security improvements, advancing the build to 26100.2894.
- Windows 10 (KB5049981): This update is for Windows 10 version 22H2. It addresses various security vulnerabilities and provides enhancements to improve overall performance and security.
Security Fixes
This month’s update cycle addresses a total of 161 security vulnerabilities, making it one of the most extensive patch releases in recent history. Among these, 11 vulnerabilities are rated as Critical, underscoring the importance of promptly applying these updates to mitigate potential risks.
Notable CVEs with CVSS Scores
Here are some of the critical vulnerabilities addressed in this update, along with their CVSS scores:
CVE-2025-21309: Remote Code Execution in Windows Remote Desktop Services
- CVSS Score: 8.1
- Description: This vulnerability allows arbitrary code execution on systems where the Remote Desktop Gateway role has been enabled.
- Impact: Exploitation could lead to unauthorized code execution on affected systems.
CVE-2025-21298: Remote Code Execution in Windows Object Linking and Embedding (OLE)
- CVSS Score: 9.8
- Description: This vulnerability can be triggered by sending a malicious email to a victim running a vulnerable version of Microsoft Outlook.
- Impact: Successful exploitation could allow an attacker to execute arbitrary code on vulnerable systems.
CVE-2025-21333: Elevation of Privilege in Windows Hyper-V NT Kernel Integration VSP
- CVSS Score: 7.8
- Description: This vulnerability allows an attacker to gain SYSTEM privileges through elevation of privilege.
- Impact: Successful exploitation could lead to significant security breaches.
CVE-2025-21334: Elevation of Privilege in Windows Hyper-V NT Kernel Integration VSP
- CVSS Score: 7.8
- Description: This vulnerability allows an attacker to gain SYSTEM privileges through elevation of privilege.
- Impact: Successful exploitation could lead to significant security breaches.
CVE-2025-21335: Elevation of Privilege in Windows Hyper-V NT Kernel Integration VSP
- CVSS Score: 7.8
- Description: This vulnerability allows an attacker to gain SYSTEM privileges through elevation of privilege.
- Impact: Successful exploitation could lead to significant security breaches.
CVE-2025-21311: Elevation of Privilege in Windows NTLMv1
- CVSS Score: 9.8
- Description: This vulnerability allows an attacker to gain higher access levels on the system.
- Impact: Successful exploitation could lead to significant security breaches.
CVE-2025-21307: Remote Code Execution in Windows Reliable Multicast Transport Driver (RMCAST)
- CVSS Score: 9.8
- Description: This vulnerability allows remote attackers to execute arbitrary code by sending specially crafted packets.
- Impact: Successful exploitation could lead to significant security breaches.
CVE-2025-21362: Remote Code Execution in Microsoft Excel
- CVSS Score: 9.8
- Description: This vulnerability allows arbitrary code execution if a user opens a specially crafted file.
- Impact: Successful exploitation could lead to significant security breaches.
CVE-2025-21354: Remote Code Execution in Microsoft Excel
- CVSS Score: 9.8
- Description: This vulnerability allows arbitrary code execution if a user opens a specially crafted file.
- Impact: Successful exploitation could lead to significant security breaches.
CVE-2025-21309: Remote Code Execution in Windows Remote Desktop Services
- CVSS Score: 8.1
- Description: This vulnerability allows arbitrary code execution on systems where the Remote Desktop Gateway role has been enabled.
- Impact: Exploitation could lead to unauthorized code execution on affected systems.
CVE-2025-21186, CVE-2025-21366, CVE-2025-21395: Remote Code Execution in Microsoft Access (Zeroday)
- CVSS Score: 7.8
- Description: A remote, unauthenticated attacker could exploit this vulnerability by convincing a target through social engineering to download and open a malicious file.
- Impact: Successful exploitation would grant an attacker arbitrary code execution privileges on the vulnerable system. This update “blocks potentially malicious extensions from being sent in an email.
CVE-2025-21275 : Windows App Package Installer Elevation of Privilege Vulnerability (Zeroday)
- CVSS Score: 7.8
- Description: A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. These types of flaws are often associated with post-compromise activity after an attacker has breached a system
- Impact: Successful exploitation would grant access to the attacker and lead to data breaches
CVE-2025-21308: Windows Themes Spoofing Vulnerability
- CVSS Score: 6.5
- Description: A vulnerability that could be exploited to display a specially crafted theme file.
- Impact: Successful exploitation requires an attacker to convince a user to load a malicious file, then convince the user to manipulate the specially crafted file.
CISA KEV Additions
The Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities from this Patch Tuesday to its Known Exploited Vulnerabilities (KEV) list, highlighting their critical nature and the need for immediate remediation:
- CVE-2025-21333: Elevation of Privilege in Windows Hyper-V NT Kernel Integration VSP
- CVE-2025-21334: Elevation of Privilege in Windows Hyper-V NT Kernel Integration VSP
- CVE-2025-21335: Elevation of Privilege in Windows Hyper-V NT Kernel Integration VSP
Improvements
- Servicing Stack Update (KB5050387): This update enhances the reliability of the servicing stack, ensuring that devices can receive and install updates more reliably.
- Driver Vulnerable Driver Blocklist: The update adds to the list of drivers at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- Personalized Offers: A new Tailored Experience called “Personalized offers” is introduced during the Windows 11 setup process.
Known Issues
- Roblox on Arm Devices: Some users on Arm devices are unable to download and play Roblox via the Microsoft Store. A workaround is to download the game directly from the Roblox website.
- OpenSSH Service Failure: Following the October 2024 security update, some customers report that the OpenSSH service fails to start, preventing SSH connections. A temporary workaround involves updating permissions on affected directories.
Conclusion
The January 2025 Patch Tuesday updates are critical for enhancing the security and performance of Windows systems. With 161 vulnerabilities addressed, including 11 critical ones, it is essential for users and organizations to apply these updates promptly to safeguard their systems against potential threats. By staying informed about the latest updates and known issues, users can ensure a secure and stable computing environment.
