January 14, 2025

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Rapid7’s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication. Today also saw the publication of nine critical remote code execution (RCE) vulnerabilities.

The Microsoft flaws already seeing active attacks include CVE-2025-21333, CVE-2025-21334 and, you guessed it, CVE-2025-21335. These are sequential because all reside in Windows Hyper-V, a component that is heavily embedded in modern Windows 11 operating systems and used for security features including Device Guard and Credential Guard.

Tenable’s Satnam Narang says little is known about the in-the-wild exploitation of these flaws, apart from the fact that they are all “privilege escalation” vulnerabilities. Narang said elevation of privilege bugs are so often the ones exploited in the wild as Patch Tuesday zero-days because initial access to a system is not always the hard part for attackers, who have various avenues to get in.

“As elevation of privilege bugs, they’re being used as part of post-compromise activity, where an attacker has already accessed a target system,” he said. “It’s kind of like if an attacker is able to enter a secure building, they’re unable to access more secure parts of the facility because they have to prove that they have clearance. In this case, they’re able to trick the system into believing they should have clearance.”
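For administrators who want to know whether a given machine even exposes the surface these three Hyper-V bugs live in, here is a PowerShell check. It is an example added to this write-up, not code from Microsoft, Rapid7 or Tenable. It assumes an elevated prompt on Windows 10 or 11 and reports the Hyper-V feature state, the virtualization-based security status that Credential Guard and HVCI (memory integrity) depend on, and the most recently installed hotfix relative to the 14 January 2025 release date. Get-HotFix lists only updates recorded in Win32_QuickFixEngineering, so a “not updated” result is a prompt to check Windows Update rather than proof that the fix is missing.

```powershell
# Added example (not from the article): does this host expose the Hyper-V / VBS
# surface the January 2025 zero-days sit in, and has anything been installed
# since Patch Tuesday (14 January 2025)? Run from an elevated prompt.

$PatchTuesday = Get-Date -Year 2025 -Month 1 -Day 14

# Hyper-V as an optional feature. Fails (returns nothing) on SKUs without it.
$hv = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V-All' -ErrorAction SilentlyContinue
$hvState = if ($hv) { "$($hv.State)" } else { 'Not available / unknown' }

# Credential Guard and HVCI run on the Hyper-V hypervisor even when the Hyper-V
# role itself is not installed, so the VBS status matters as much as the feature.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
$vbsRunning = $dg -and ($dg.VirtualizationBasedSecurityStatus -eq 2)   # 2 = enabled and running
$credGuard  = $dg -and ($dg.SecurityServicesRunning -contains 1)        # 1 = Credential Guard
$hvci       = $dg -and ($dg.SecurityServicesRunning -contains 2)        # 2 = HVCI / memory integrity

# Most recent hotfix with a recorded install date, compared to Patch Tuesday.
$latest = Get-HotFix |
          Where-Object { $_.InstalledOn } |
          Sort-Object InstalledOn -Descending |
          Select-Object -First 1
$updatedSince = $latest -and ($latest.InstalledOn -ge $PatchTuesday)

[pscustomobject]@{
    Computer                 = $env:COMPUTERNAME
    HyperVFeature            = $hvState
    VBSRunning               = [bool]$vbsRunning
    CredentialGuardRunning   = [bool]$credGuard
    HVCIRunning              = [bool]$hvci
    LatestHotFix             = if ($latest) { $latest.HotFixID } else { 'none listed' }
    LatestHotFixInstalled    = if ($latest) { $latest.InstalledOn.ToString('yyyy-MM-dd') } else { '-' }
    UpdatedSincePatchTuesday = [bool]$updatedSince
}
```

A machine where HyperVFeature is Disabled but VBSRunning is True is still in scope: the hypervisor is loaded for Credential Guard or memory integrity, which is exactly the point the article makes about Hyper-V being embedded in modern Windows 11.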

Several bugs addressed today earned CVSS (threat rating) scores of 9.8 out of a possible 10, including CVE-2025-21298, a weakness in Windows that could allow attackers to run arbitrary code by getting a target to open a malicious .rtf file, a document format typically opened in Office applications like Microsoft Word. Microsoft has rated this flaw “exploitation more likely.”

Ben Hopkins at Immersive Labs called attention to CVE-2025-21311, a 9.8 “critical” bug in Windows NTLMv1 (NT LAN Manager version 1), an older Microsoft authentication protocol that is still used by many organizations.

“What makes this vulnerability so impactful is the fact that it is remotely exploitable, so attackers can reach the compromised machine(s) over the internet, and the attacker does not need significant knowledge or skills to achieve repeatable success with the same payload across any vulnerable component,” Hopkins wrote.
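Because the bug sits in a protocol most organizations no longer need, the useful question for a defender is whether NTLMv1 is still accepted or sent anywhere. The PowerShell below is an example added to this write-up, not code from Microsoft or Immersive Labs. It assumes an elevated prompt (the Security log needs administrator rights), reads the LAN Manager authentication level and the “Restrict NTLM” audit settings from the registry, and then counts recent logon events (ID 4624) whose LmPackageName field is “NTLM V1”, which is how Windows itself records an NTLMv1 authentication.

```powershell
# Added example (not from the article): audit NTLMv1 exposure on this host.
# Run from an elevated prompt; the Security log query needs administrator rights.

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-RegDword([string]$Path, [string]$Name) {
    $v = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $v) { [int]$v.$Name } else { $null }
}

# LmCompatibilityLevel = "Network security: LAN Manager authentication level".
# Unset means the OS default, which on current Windows is 3.
$level = Get-RegDword $lsa 'LmCompatibilityLevel'
$meanings = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM, use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM & NTLM'
}
$levelText = if ($null -ne $level -and $meanings.ContainsKey($level)) { $meanings[$level] }
             else { 'Not set (OS default, 3 on current Windows)' }
# Levels 3 and 4 only stop this host from *sending* NTLMv1; only level 5 makes a
# server or domain controller refuse incoming NTLMv1 responses.
$refusesIncomingV1 = ($level -eq 5)

# "Restrict NTLM" policies: audit incoming (0 off, 1 domain accounts, 2 all accounts)
# and restrict incoming (0 allow all, 1 deny domain accounts, 2 deny all accounts).
$auditIncoming    = Get-RegDword $msv 'AuditReceivingNTLMTraffic'
$restrictIncoming = Get-RegDword $msv 'RestrictReceivingNTLMTraffic'

# Event 4624 carries LmPackageName in its EventData; "NTLM V1" marks a v1 logon.
$v1Logons = [System.Collections.Generic.List[object]]::new()
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 5000 -ErrorAction SilentlyContinue |
  ForEach-Object {
    $x = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data['LmPackageName'] -eq 'NTLM V1') {
        $v1Logons.Add([pscustomobject]@{
            Time        = $_.TimeCreated
            Account     = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
            Workstation = $data['WorkstationName']
            SourceIp    = $data['IpAddress']
        })
    }
  }

[pscustomobject]@{
    LmCompatibilityLevel        = if ($null -ne $level) { $level } else { 'not set' }
    Meaning                     = $levelText
    RefusesIncomingNtlmV1       = $refusesIncomingV1
    AuditReceivingNTLMTraffic   = $auditIncoming
    RestrictReceivingNTLMTraffic = $restrictIncoming
    NtlmV1LogonsInSample        = $v1Logons.Count
}
$v1Logons | Sort-Object Time -Descending | Select-Object -First 20 | Format-Table -AutoSize
```

The logon list is the part worth keeping: each row names a workstation or source address that still negotiates NTLMv1, which is the inventory you need before raising the authentication level to 5 without breaking something.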

Kev Breen at Immersive points to an interesting flaw (CVE-2025-21210) that Microsoft fixed in its full disk encryption suite BitLocker, which the software giant has also rated “exploitation more likely.” Specifically, this bug holds out the possibility that in some situations the hibernation image created when one closes the laptop lid on an open Windows session may not be fully encrypted and could be recovered in plain text.

“Hibernation images are used when a laptop goes to sleep and contains the contents that were stored in RAM at the moment the device powered down,” Breen noted. “This presents a significant potential impact as RAM can contain sensitive data (such as passwords, credentials and PII) that may have been in open documents or browser sessions and can all be recovered with free tools from hibernation files.”
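The scenario Breen describes needs two things on the machine: a hibernation file, and a BitLocker-protected system volume that the owner is relying on to keep that file private. The PowerShell below, an example added to this write-up rather than code from Microsoft or Immersive, reports both. It assumes an elevated prompt on Windows 10 or 11 Pro/Enterprise (Get-BitLockerVolume ships with those editions) and reads the HibernateEnabled power setting, the size of hiberfil.sys, and the BitLocker protection state of the OS drive.

```powershell
# Added example (not from the article): is there a hibernation file on a
# BitLocker-protected OS volume? Run from an elevated prompt.

$sysDrive  = $env:SystemDrive                    # normally C:
$hiberFile = Join-Path $sysDrive 'hiberfil.sys'

# Hibernation is on when HibernateEnabled under the Power key is 1.
$power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
                          -Name 'HibernateEnabled' -ErrorAction SilentlyContinue
$hibernateEnabled = ($null -ne $power) -and ($power.HibernateEnabled -eq 1)

# hiberfil.sys is hidden+system, so Get-Item needs -Force to see it.
$hiber = Get-Item -Path $hiberFile -Force -ErrorAction SilentlyContinue
$hiberSizeGB = if ($hiber) { [math]::Round($hiber.Length / 1GB, 2) } else { 0 }

# BitLocker state of the OS volume.
$bl = Get-BitLockerVolume -MountPoint $sysDrive -ErrorAction SilentlyContinue
$blProtected = $bl -and ($bl.ProtectionStatus -eq 'On')

$report = [pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    HibernateEnabled   = $hibernateEnabled
    HiberfilPresent    = [bool]$hiber
    HiberfilSizeGB     = $hiberSizeGB
    BitLockerOnOSVol   = [bool]$blProtected
    BitLockerVolStatus = if ($bl) { "$($bl.VolumeStatus)" } else { 'n/a (module missing or not elevated)' }
}
$report

# Until the January update is confirmed installed, the hibernation file can be
# removed entirely with "powercfg /hibernate off" (note this also turns off Fast
# Startup, which uses the same file).
if ($hibernateEnabled -and $blProtected) {
    Write-Warning "Hibernation file present on a BitLocker-protected volume: install the January 2025 update, or disable hibernation in the meantime."
}
```

The warning fires only for the combination that matters; a machine with hibernation off, or with no disk encryption to begin with, is not exposed to this particular bug (the latter has bigger problems, but not this one).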

Tenable’s Narang also highlighted a trio of vulnerabilities in Microsoft Access fixed this month and credited to Unpatched.ai, a security research effort that is aided by artificial intelligence looking for vulnerabilities in code. Tracked as CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395, these are remote code execution bugs that are exploitable if an attacker convinces a target to download and run a malicious file through social engineering. Unpatched.ai was also credited with discovering a flaw in the December 2024 Patch Tuesday release (CVE-2024-49142).

“Automated vulnerability detection using AI has garnered a lot of attention recently, so it’s noteworthy to see this service being credited with finding bugs in Microsoft products,” Narang observed. “It may be the first of many in 2025.”

If you’re a Windows user who has automatic updates turned off and haven’t updated in a while, it’s probably time to play catch up. Please consider backing up important files and/or the entire hard drive before updating. And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.

Further reading on today’s patches from Microsoft:

Tenable blog

SANS Internet Storm Center

Ask Woody


27 thoughts on “Microsoft: Happy 2025. Here’s 161 Security Updates”

  1. Oliver

    Based on the wording from Microsoft, CVE-2025-21298 doesn’t appear to require users to actually open the RTF files as currently-worded in this article (such as those that arrive as an email attachment). The vulnerability seems to be related to OLE such that Outlook is affected, so all the attacker needs to do is send a specially-crafted email to a target that uses Outlook. This is a somewhat important distinction (specific user interaction not being required) and I believe is part of why it’s rated at a 9.8.

  2. Uncle Jack

    Speaking of Microsoft, there is a current article about some dodgy code in the 6.13 kernel submitted by a Microsoft engineer that could have caused serious issues with some systems.

    1. Happy Jack

      A funny headline about the issue: “Microsoft pulls a Windows as it breaks Linux on Intel CPUs and angers AMD in the process”

      1. Catwhisperer

        I just bought a Lenovo neo 50t. It runs Ubuntu Pro 24.04, but sometimes it has to by force when it comes to Windows. It is a dual boot machine, with Windows 11 Pro on another partition. On install, and now apparently on Update Tuesday, 11 Pro decides to diddle with the boot sequence in UEFI and place itself first. That forces me to go back into UEFI and change the boot sequence. Even with a supervisor password on UEFI.

        1. Fr00tL00ps

          Serious question. Why do you configure dual boot on a machine with such high performance? I can understand tinkering and just occasionally playing around with Linux as an option, but surely installing Ubuntu (or any other distro for that matter) through WSL would not only end your UEFI issues but allow you to run 2 systems at once.
          Or if you're not comfortable with command line, install an Ubuntu virtual machine in Hyper-V Manager and you get a GUI desktop – configure dual monitor display Windows left, Linux right and the keyboard and mouse all interchange seamlessly. That Lenovo would chew the job up in a pinch.

  3. Wannabe Techguy

    Oh yes just gotta love Windoze! I wonder if they just laugh at ya’ll using Win all the way to the bank? Just keep on using it.

  4. Jojo

    I am on Win10. Updates went smoothly.

    When are we going to turn the code writing over to AI’s, which will hopefully produce better, tighter code with less need for broken security updates?

    AI’s can’t possibly do worse than what human programmers do now.

    1. mealy

      “AI’s can’t possibly do worse than what human programmers do now.” Are we hallucinating? They literally draw from human mistakes by the billions and mash them all together. “Could” you build AI that was trained on best practices and all that good stuff, sure, but that’s not what it is. They can’t even understand human limbs yet. And when you take a tool like AI and put it in the hands of people who obviously don’t check their work well enough AS IS, do you really think that’s going to be the instant panacea claimed? 4 out of 5 doctors know you can’t eat rocks on pizza and call it good.

    2. yeet

      AI’s can assist with code writing, but they’re only as good as their training data and oversight. They can speed up repetitive tasks and suggest improvements, but without a dang review, they might replicate or even make errors worse. Also, you are literally going to encounter issues with EVERY security update, its called improvement nobody is perfect and AI is far from that at the moment.

    3. Brian David Symmes

      I have to take the opposite view : Using AI to generate code repeats the errors that have been made over the last 30 years, for two reasons.
      1. The code that was written to solve a particular algorithm application was written for an older version of the software programming language that is being used currently at the time of the request for an AI solution.
      2. AI is not synthesizing new solutions (Quantum programming MAY be able to do that reliably in the next 30 years (by 2055). AI is combining the knowledge of accepted solutions in the knowledge domain it has analyzed.

  5. PJ

    Anyone else have network issues after installing the updates? Installed them, then could only connect to google and youtube, every other site down. Uninstalled 2 of the 3 updates, and everything works (I left the .NET framework update up).

    1. Robert

      Yes. Our home modem/router is an older Arris DOCSIS 3.0 compliant router purchased almost 10 years ago (I have to use an old version of Falkon to connect to the router because its TLS version is too low for modern browsers). The firewall was set to high. After the patch Tuesday updates both my wife’s laptop and my work laptop (both Windows 10) showed internet access, but the browsers refused to connect to any of the websites that we tried. Changing the firewall to medium resolved the issue.

      Both firewall levels allow:
      Service        Port      Protocol
      DNS            53        Both
      HTTP           80        TCP
      HTTP-S         443       TCP
      IMAP-S         993       TCP
      IPSec NAT-T    4500      TCP
      NTP            123       UDP
      POP3-S         995       TCP
      SMTP           25        TCP
      SMTP-S         435       TCP
      SSH            22        TCP

      While the medium firewall level additionally allows:
      Service             Port      Protocol
      AIM / ICQ           5190      TCP
      DHCPv6              546       UDP
      FTP-S               989-990   UDP
      HTTP Alternate      8080      TCP
      IMAP                143       TCP
      POP3                110       TCP
      Radius              1812      Both
      Steam               1725      UDP
      Steam Friends       1200      UDP
      Telnet-S            992       TCP
      XBOX Live           3074      Both
      World of Warcraft   3724      Both
      Yahoo Messenger     5050      TCP

  6. Lynn Sattler

    As posted a couple of months ago here, those feeling stuck on windows 10 because of older hardware do actually have the option to upgrade to windows 11. October 2025 is the last month to receive security updates on windows 10.

    I have a 10 year old I3 laptop that I upgraded to windows 11 ver 24h2 with the below mentioned procedures and it has received patch Tuesday updates just fine in December and now in January. The procedures do not break any Microsoft rules however Microsoft does “warn” that there may be issues down the road in running windows 11 on hardware that is not fully up to their standards.

    The procedures were originally obtained on the web and tweaked a bit. The procedures do detail the web postings where they came from.

    Here is where you can find them:
    https://lsattle.wordpress.com/

  7. polbel

    Getting BSOD and crashes on multiple win 10 towers and notebooks after 2025 01 updates. They ALL were well-behaved before this week. Will keep posting here as updates post-mortem progresses.

  8. polbel

    The update was getting error 0x800f0845 on my Win 10 pro AMD 5800H 64 GB RTX3060M top offline AI notebook, fixed filesystem files and image with sfc and dism. No BSOD afterwards. Will not post more unless others are significantly different cases. Happy tRump 2025 ! Watch him cheat at golf while america burns and drowns ! The name is kakistocracy not idiocracy !

    1. Quid

      @polbel

      When it becomes available, perhaps consider receiving the TDS vaccine that Dr. Fauci is working on with funding from Bill Gates. Hopefully it can’t be any worse than the condition itself.

      1. mealy

        I thought you guys didn’t like vaccines, what with the mind control and availability of horse medicines?

      2. polbel

        TDS = tRump’s alzheimer. there is no known cure or vaccine and he is doing all kinds of insane stuff because red caps can’t figure that and encourage him to sink deeper and deeper. Did you see a criminal president pardon 1500 others from his cult this week?

    2. RK

      “I looked at them and said, ‘I’m leaving in six hours. If the prosecutor is not fired, you’re not getting the money.’ Well, son of a b!tch; he got fired. And they put in place someone who was solid at the time.” –Quid Pro Joe ! The party is communistocracy not democratocracy !

  9. Zog

    161 Moles whacked. What a feat on the part of Microsoft’s team. I predict we’ll see them pop up again in the weeks and months ahead after a rejuvenation iteration.

  10. AI to human text

    Great breakdown of the recent security updates! It’s crucial for users to stay on top of these patches, especially with so many vulnerabilities in active exploitation. The growing role of AI in vulnerability detection is also fascinating!

  11. Brian David Symmes

    I have to take the opposite view : Using AI to generate code repeats the errors that have been made over the last 30 years, for two reasons.
    1. The code that was written to solve a particular algorithm application was written for an older version of the software programming language that is being used currently at the time of the request for an AI solution.
    2. AI is not synthesizing new solutions (Quantum programming MAY be able to do that reliably in the next 30 years, that is, by 2055). AI is combining the knowledge of accepted solutions in the knowledge domain it has analyzed.

