Learn about the critical importance of timely patch management to protect against actively exploited vulnerabilities and how Check Point solutions can help safeguard Microsoft environments.

Risks:

Zero-Day, Privilege Escalation, Patch Management

Keywords:

Microsoft, Zero-Day, Hyper-V, Vulnerabilities, Patch Management, Remote Code Execution, Privilege Escalation

CVE:

CVE-2024-7344; CVE-2025-21333; CVE-2025-21334; CVE-2025-21335; CVE-2025-21186; CVE-2025-21366; CVE-2025-21395; CVE-2025-21275; CVE-2025-21308; CVE-2025-21294; CVE-2025-21295; CVE-2025-21298; CVE-2025-21307; CVE-2025-21311

Affected:

Microsoft, Windows Hyper-V NT Kernel Integration VSP, Windows Secure Boot, Microsoft Access, Windows App Package Installer, Windows Themes, Microsoft Digest Authentication, SPNEGO Extended Negotiation (NEGOEX), Windows Object Linking and Embedding (OLE), Windows Reliable Multicast Transport Driver (RMCAST), Windows NTLM

 

Overview of Microsoft's January 2025 Security Update

In January 2025, Microsoft released a significant security update addressing a total of 161 vulnerabilities across its software portfolio. This update includes three zero-day vulnerabilities that have been actively exploited in the wild. The update is notable for addressing the largest number of Common Vulnerabilities and Exposures (CVEs) in a single month since 2017.

Key Vulnerabilities Addressed

Actively Exploited Zero-Day Flaws

Among the patched vulnerabilities are three zero-day flaws within Windows Hyper-V NT Kernel Integration VSP. These vulnerabilities are classified as privilege escalation bugs, meaning they could be used by attackers who have already gained access to a system to elevate their privileges and gain more control over the system. The specific CVEs are:

• CVE-2025-21333
• CVE-2025-21334
• CVE-2025-21335

The flaws are related to the Virtualization Service Provider (VSP) in Hyper-V, which supports synthetic devices in virtual environments. These vulnerabilities have been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog.

Publicly Known Vulnerabilities

Microsoft also highlighted five vulnerabilities that were publicly known before the update:

• CVE-2025-21186: Microsoft Access Remote Code Execution Vulnerability
• CVE-2025-21366: Windows App Package Installer Elevation of Privilege Vulnerability
• CVE-2025-21395: Windows Themes Spoofing Vulnerability
• CVE-2025-21275: Windows App Package Installer Elevation of Privilege Vulnerability
• CVE-2025-21308: Windows Themes Spoofing Vulnerability

Critical Vulnerabilities and Their Impact

The update addresses several critical vulnerabilities, with the following being of particular concern:

• CVE-2025-21294: A remote code execution vulnerability in Microsoft Digest Authentication that allows attackers to exploit a race condition to execute arbitrary code.
• CVE-2025-21295: A vulnerability in the SPNEGO Extended Negotiation (NEGOEX) security mechanism that could enable unauthenticated remote code execution. Despite its high complexity, successful exploitation could fully compromise enterprise infrastructure.
• CVE-2025-21298: Windows Object Linking and Embedding (OLE) Remote Code Execution Vulnerability.
• CVE-2025-21307: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability.
• CVE-2025-21311: Windows NTLM V1 Elevation of Privilege Vulnerability.

Remediation Steps

Microsoft's update underscores the importance of promptly applying patches to mitigate security risks. Organizations are advised to prioritize patching these vulnerabilities to protect their systems from potential exploitation.

 

Read More

https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html?m=1