
Microsoft Patch Tuesday – January 2025

14/01/2025
By Esben Dochy

⚡ TL;DR | Go Straight to the January 2025 Patch Tuesday Audit Report

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The January 2025 edition of Patch Tuesday brings us 159 new fixes, with 10 rated as critical and 3 exploited. We’ve listed the most important changes below.

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities

The top vulnerability is not just one vulnerability but three. CVE-2025-21335, CVE-2025-21334, and CVE-2025-21333 are three elevation of privilege vulnerabilities that have known exploits. If exploited, an attacker could gain SYSTEM privileges.

None of the three has the highest CVSS score this month, at 7.8 each. Regardless, since an exploit is available, they still sit at the top of our list.

Microsoft Excel Vulnerabilities

Microsoft Excel received three fixes: two remote code execution vulnerabilities (CVE-2025-21354, CVE-2025-21362) and one security feature bypass vulnerability (CVE-2025-21364).

All three vulnerabilities are critical and also receive the "more likely" to be exploited label from Microsoft. The vulnerabilities can be exploited even through the preview functionality Microsoft Excel provides.

Specific to the security feature bypass vulnerability, an attacker who successfully exploits it could bypass the Office macro policies used to block untrusted or malicious files.

Windows OLE Remote Code Execution Vulnerability

The last highlight of this month is CVE-2025-21298. This RCE vulnerability probably has the highest CVSS base score this month with a 9.8! Additionally, it is rated as critical and has the "more likely" to be exploited label.

Microsoft Object Linking and Embedding (OLE) allows embedding and linking objects across applications like Word and Excel, but its flexibility makes it a target for attackers.

Microsoft provided the following additional context:

How could an attacker exploit the vulnerability?

In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine.

Run the Patch Tuesday January 2025 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded so you can see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view. All you need to do is look at one report, automatically added every Patch Tuesday!

Patch Tuesday January 2025 CVE Codes & Titles

CVE Number | CVE Title
CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability
CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability
CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability
CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability
CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability
CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21308 | Windows Themes Spoofing Vulnerability
CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability
CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability
CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability
CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability
CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21231 | IP Helper Denial of Service Vulnerability
CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability
CVE-2025-21217 | Windows NTLM Spoofing Vulnerability
CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability
CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21173 | .NET Elevation of Privilege Vulnerability
CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21171 | .NET Remote Code Execution Vulnerability
CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
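
The prioritisation reasoning from the highlights (known exploitation outranks a higher CVSS score), applied to rows of this table. This is an added example, not part of the original article or of Lansweeper's audit report. The impact tie-break order and the function names are assumptions; the exploited, "more likely" and CVSS values are the ones the article states.

```python
import re

# Facts stated in the article's highlights; no other source is used.
EXPLOITED = {"CVE-2025-21333", "CVE-2025-21334", "CVE-2025-21335"}
MORE_LIKELY = {"CVE-2025-21354", "CVE-2025-21362", "CVE-2025-21364", "CVE-2025-21298"}
# The article gives no CVSS score for the Excel CVEs, so they default to 0.0 below.
CVSS = {**{cve: 7.8 for cve in EXPLOITED}, "CVE-2025-21298": 9.8}

# Assumption: tie-break order for impact classes; adjust to your environment.
IMPACT_ORDER = ["Remote Code Execution", "Elevation of Privilege",
                "Security Feature Bypass", "Spoofing",
                "Information Disclosure", "Denial of Service"]

ROW_RE = re.compile(r"^(CVE-\d{4}-\d{4,})[\s|]*(.+)$")
IMPACT_RE = re.compile("|".join(IMPACT_ORDER))


def parse_row(line):
    """Split one table row (ID and title fused or '|'-separated) into (id, title, impact)."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None  # header or non-table line
    cve, title = m.group(1), m.group(2).strip()
    hit = IMPACT_RE.search(title)
    return cve, title, hit.group(0) if hit else "Other"


def triage(lines):
    """Order rows: exploited, then 'more likely', then CVSS (high first), then impact."""
    def key(row):
        cve, _, impact = row
        rank = IMPACT_ORDER.index(impact) if impact in IMPACT_ORDER else len(IMPACT_ORDER)
        return (cve not in EXPLOITED, cve not in MORE_LIKELY, -CVSS.get(cve, 0.0), rank, cve)
    return sorted((r for r in map(parse_row, lines) if r), key=key)


# Sample rows copied from the table; one uses a separator to show both accepted forms.
SAMPLE = [
    "CVE NumberCVE Title",
    "CVE-2025-21298Windows OLE Remote Code Execution Vulnerability",
    "CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability",
    "CVE-2025-21364Microsoft Excel Security Feature Bypass Vulnerability",
    "CVE-2025-21354Microsoft Excel Remote Code Execution Vulnerability",
    "CVE-2025-21176.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
    "CVE-2025-21389Windows upnphost.dll Denial of Service Vulnerability",
    "CVE-2024-7344Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass",
]

if __name__ == "__main__":
    for cve, title, impact in triage(SAMPLE):
        print(f"{cve:<15} {impact:<24} {title}")
```

The exploited Hyper-V entry (CVSS 7.8) sorts ahead of the OLE entry (CVSS 9.8), which in turn sorts ahead of everything without an exploitation signal.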