Microsoft January 2025 Patch Tuesday – 159 Vulnerabilities Fixed, Including 10 Critical RCE’s

Jan 14, 2025 - 19:43

Microsoft released a security update as part of the January Patch Tuesday that addressed 159 vulnerabilities, including 10 classified as critical Remote Code Execution (RCE) vulnerabilities. These fixes are crucial for securing Windows operating systems and related software against potential exploitation.

Key Highlights of January 2025 Patch Tuesday Updates:

  1. CVE-2025-21362 & CVE-2025-21354: Both involve vulnerabilities in Microsoft Excel that allow remote code execution if a user opens a specially crafted file. These are critical as they could enable attackers to execute arbitrary code with user privileges.
  2. CVE-2025-21311: A critical vulnerability in Windows NTLM V1 that could allow privilege escalation, potentially giving attackers higher access levels on the system.
  3. CVE-2025-21309 & CVE-2025-21297: Both relate to vulnerabilities in Windows Remote Desktop Services, enabling remote code execution through maliciously crafted connections or files.
  4. CVE-2025-21307: Affects the Reliable Multicast Transport Driver (RMCAST), allowing remote attackers to execute arbitrary code.
  5. CVE-2025-21298 & CVE-2025-21296: These involve vulnerabilities in Windows OLE and BranchCache, respectively, which could permit remote code execution via crafted inputs.
  6. CVE-2025-21295 & CVE-2025-21294: Both are critical remote code execution vulnerabilities affecting authentication mechanisms (SPNEGO and Digest Authentication), which could compromise system integrity.

| CVE Number | CVE Title | Impact | Max Severity |
|---|---|---|---|
| CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing | Important |
| CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability | Spoofing | Important |
| CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability | Elevation of Privilege | Critical |
| CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21308 | Windows Themes Spoofing Vulnerability | Spoofing | Important |
| CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21231 | IP Helper Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21217 | Windows NTLM Spoofing Vulnerability | Spoofing | Important |
| CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability | Spoofing | Important |
| CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21173 | .NET Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-21171 | .NET Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass | | |
| CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager | Information Disclosure | Important |

Microsoft has published a complete list of the patched vulnerabilities, with details on exploitation methods, vulnerability descriptions, and other information.

All users should update their products to the latest version to prevent threat actors from exploiting these vulnerabilities.

The post Microsoft January 2025 Patch Tuesday – 159 Vulnerabilities Fixed, Including 10 Critical RCE’s appeared first on Cyber Security News.