Home > Security > Security News

January Microsoft Patch Tuesday Addresses 8 Zero-Day Vulnerabilities, 3 Actively Exploited

Published
Written by:
Vishwa Pandagle
Vishwa Pandagle
Cybersecurity Staff Editor
Windows Patch Tuesday

This year’s first Patch Tuesday by Microsoft offered fixes for 159 vulnerabilities, of which eight were zero-days. The January 2025 security update noted that three of these zero-days show signs of active abuse.

The three actively exploited zero-days found in Windows Hyper-V NT Kernel are CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Their exploitation would give hackers system privileges. 

Offered on the second Tuesday of each month, this patch update offered fixes for vulnerabilities in Windows products.

This Patch Tuesday advisory included 40 elevation of privilege (EoP) vulnerabilities and 14 allowing security feature bypass upon exploitation. The number of flaws vulnerable to remote code execution (RCE) was 58, and another 24 issues would disclose information in the system.

Moreover, 20 of the vulnerabilities would allow a hacker to launch Denial of Service (DoS) attacks, and five others could make way for spoofing data. Users are urged to install software updates to maintain cybersecurity.

Two non-Microsoft CVEs are included in the update – GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager, and Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass.

The Microsoft flaws in the January 2025 security advisory are:

  1. CVE-2025-21171 - .Net Remote Code Execution Vulnerability, with a base score of 8.1.
  2. CVE-2025-21172 - .NET and Visual Studio Remote Code Execution Vulnerability, with a base score of 7.5.
  3. CVE-2025-21173 - .NET Elevation of Privilege Vulnerability with a base score of 8.0. 
  4. CVE-2025-21176 - .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability with a base score of 8.8.
  5. CVE-2025-21178 - Visual Studio Remote Code Execution Vulnerability with a base score of 8.8.
  6. CVE-2025-21186 - Microsoft Access Remote Code Execution Vulnerability with a base score of 7.8.
  7. CVE-2025-21187 - Microsoft Power Automate Remote Code Execution Vulnerability with a base score of 7.8.
  8. CVE-2025-21189 - MapUrlToZone Security Feature Bypass Vulnerability with a base score of 4.3.
  9. CVE-2025-21193 - Active Directory Federation Server Spoofing Vulnerability with a base score of 6.5.
  10. CVE-2025-21202 - Windows Recovery Environment Agent Elevation of Privilege Vulnerability with a base score of 6.1.
  11. CVE-2025-21207 - Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability with a base score of 7.5.
  12. CVE-2025-21210 - Windows BitLocker Information Disclosure Vulnerability with a base score of 4.2.
  13. CVE-2025-21211 - Secure Boot Security Feature Bypass Vulnerability with a base score of 6.8.
  14. CVE-2025-21213 - Secure Boot Security Feature Bypass Vulnerability with a base score of 4.6.
  15. CVE-2025-21214 - Windows BitLocker Information Disclosure Vulnerability with a base score of 4.2.
  16. CVE-2025-21215 - Secure Boot Security Feature Bypass Vulnerability with a base score of 4.6.
  17. CVE-2025-21217 - Windows NTLM Spoofing Vulnerability with a base score of 6.5.
  18. CVE-2025-21218 - Windows Kerberos Denial of Service Vulnerability with a base score of 7.5.
  19. CVE-2025-21219 - MapUrlToZone Security Feature Bypass Vulnerability with a base score of 4.3.
  20. CVE-2025-21220 - Microsoft Message Queuing Information Disclosure Vulnerability with a base score of 7.5.
  21. CVE-2025-21223 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  22. CVE-2025-21224 - Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability with a base score of 8.1.
  23. CVE-2025-21225 - Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability with a base score of 5.9.
  24. CVE-2025-21226 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  25. CVE-2025-21227 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  26. CVE-2025-21228 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  27. CVE-2025-21229 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  28. CVE-2025-21230 - Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability with a base score of 7.5.
  29. CVE-2025-21231 - IP Helper Denial of Service Vulnerability with a base score of 7.5.
  30. CVE-2025-21232 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  31. CVE-2025-21233 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  32. CVE-2025-21234 - Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability with a base score of 7.8.
  33. CVE-2025-21235 - Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability with a base score of 7.8.
  34. CVE-2025-21236 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  35. CVE-2025-21237 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  36. CVE-2025-21238 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  1. CVE-2025-21239 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  2. CVE-2025-21240 - Windows Telephony Service Remote Code Execution Vulnerability 8.8.
  3. CVE-2025-21241 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  4. CVE-2025-21242 - Windows Kerberos Information Disclosure Vulnerability with a base score of 5.9.
  5. CVE-2025-21243 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  6. CVE-2025-21244 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8
  7. CVE-2025-21245 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  8. CVE-2025-21246 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  9. CVE-2025-21248 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  10. CVE-2025-21249 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  11. CVE-2025-21250 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  12. CVE-2025-21251 - Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability with a base score of 7.5.
  13. CVE-2025-21252 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  14. CVE-2025-21255 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  15. CVE-2025-21256 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  16. CVE-2025-21257 - Windows WLAN AutoConfig Service Information Disclosure Vulnerability with a base score of 5.5.
  17. CVE-2025-21258 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  18. CVE-2025-21260 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  19. CVE-2025-21261 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  20. CVE-2025-21263 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  21. CVE-2025-21265 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  22. CVE-2025-21266 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  23. CVE-2025-21268 - MapUrlToZone Security Feature Bypass Vulnerability with a base score of 4.3.
  1. CVE-2025-21269 - Windows HTML Platforms Security Feature Bypass Vulnerability with a base score of 4.3.
  2. CVE-2025-21270 - Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability with a base score of 7.5.
  3. CVE-2025-21271 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability with a base score of 7.8.
  4. CVE-2025-21272 - Windows COM Server Information Disclosure Vulnerability with a base score of 6.5
  5. CVE-2025-21273 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  6. CVE-2025-21274 - Windows Event Tracing Denial of Service Vulnerability with a base score of 5.5.
  7. CVE-2025-21275 - Windows App Package Installer Elevation of Privilege Vulnerability with a base score of 7.8.
  8. CVE-2025-21276 - Windows MapUrlToZone Denial of Service Vulnerability with a base score of 7.5.
  9. CVE-2025-21277 - Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability with a base score of 7.5.
  10. CVE-2025-21278 - Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability with a base score of 6.2.
  11. CVE-2025-21280 - Windows Virtual Trusted Platform Module Denial of Service Vulnerability with a base score of 5.5.
  12. CVE-2025-21281 - Microsoft COM for Windows Elevation of Privilege Vulnerability with a base score of 7.8.
  13. CVE-2025-21282 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  14. CVE-2025-21284 - Windows Virtual Trusted Platform Module Denial of Service Vulnerability with a base score of 5.5.
  15. CVE-2025-21285 - Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability with a base score of 7.5.
  16. CVE-2025-21286 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  17. CVE-2025-21287 - Windows Installer Elevation of Privilege Vulnerability with a base score of 7.8.
  18. CVE-2025-21288 - Windows COM Server Information Disclosure Vulnerability with a base score of 6.5.
  19. CVE-2025-21289 - Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability with a base score of 7.5.
  20. CVE-2025-21290 - Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability with a base score of 7.5.
  21. CVE-2025-21291 - Windows Direct Show Remote Code Execution Vulnerability with a base score of 8.8.
  22. CVE-2025-21292 - Windows Search Service Elevation of Privilege Vulnerability with a base score of 8.8.
  23. CVE-2025-21293 - Active Directory Domain Services Elevation of Privilege Vulnerability with a base score of 8.8.
  24. CVE-2025-21294 - Microsoft Digest Authentication Remote Code Execution Vulnerability with a base score of 8.1.
  25. CVE-2025-21295 - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability with a base score of 8.1.
  26. CVE-2025-21296 - BranchCache Remote Code Execution Vulnerability with a base score of 7.5.
  27. CVE-2025-21297 - Windows Remote Desktop Services Remote Code Execution Vulnerability with a base score of 8.1.
  28. CVE-2025-21298 - Windows Remote Code Execution Vulnerability with a base score of 9.8.
  29. CVE-2025-21299 - Windows Kerberos Security Feature Bypass Vulnerability with a base score of 7.1.
  30. CVE-2025-21300 - Windows upnphost.dll Denial of Service Vulnerability with a base score of 7.5.
  31. CVE-2025-21301 - Windows Geolocation Service Information Disclosure Vulnerability with a base score of 6.5.
  32. CVE-2025-21302 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  33. CVE-2025-21303 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  34. CVE-2025-21304 - Microsoft DWM Core Library Elevation of Privilege Vulnerability with a base score of 7.8.
  35. CVE-2025-21305 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  36. CVE-2025-21306 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  37. CVE-2025-21307 - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability with a base score of 9.8.
  38. CVE-2025-21308 - Windows Themes Spoofing Vulnerability with a base score of 6.5.
  39. CVE-2025-21309 - Windows Remote Desktop Services Remote Code Execution Vulnerability with a base score of 8.1.
  40. CVE-2025-21310 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  41. CVE-2025-21311 - Windows NTLM V1 Elevation of Privilege Vulnerability with a base score of 9.8.
  42. CVE-2025-21312 - Windows Smart Card Reader Information Disclosure Vulnerability with a base score of 2.4.
  43. CVE-2025-21313 - Windows Security Account Manager (SAM) Denial of Service Vulnerability with a base score of 6.5.
  44. CVE-2025-21314 - Windows SmartScreen Spoofing Vulnerability with a base score of 6.5.
  45. CVE-2025-21315 - Microsoft Brokering File System Elevation of Privilege Vulnerability with a base score of 7.8.
  46. CVE-2025-21316 - Windows Kernel Memory Information Disclosure Vulnerability with a base score of 5.5.
  47. CVE-2025-21317 - Windows Kernel Memory Information Disclosure Vulnerability with a base score of 5.5.
  48. CVE-2025-21318 - Windows Kernel Memory Information Disclosure Vulnerability with a base score of 5.5.
  49. CVE-2025-21319 - Windows Kernel Memory Information Disclosure Vulnerability with a base score of 5.5.
  50. CVE-2025-21320 - Windows Kernel Memory Information Disclosure Vulnerability with a base score of 5.5.
  51. CVE-2025-21321 - Windows Kernel Memory Information Disclosure Vulnerability with a base score of 5.5
  52. CVE-2025-21323 - Windows Kernel Memory Information Disclosure Vulnerability with a base score of 5.5.
  53. CVE-2025-21324 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  54. CVE-2025-21326 - Internet Explorer Remote Code Execution Vulnerability with a base score of 7.8.
  55. CVE-2025-21327 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  56. CVE-2025-21328 - MapUrlToZone Security Feature Bypass Vulnerability with a base score of 4.3.
  57. CVE-2025-21329 - MapUrlToZone Security Feature Bypass Vulnerability with a base score of 4.3.
  58. CVE-2025-21330 - Windows Remote Desktop Services Denial of Service Vulnerability with a base score of 7.5.
  59. CVE-2025-21331 - Windows Installer Elevation of Privilege Vulnerability with a base score of 7.3.
  60. CVE-2025-21332 - MapUrlToZone Security Feature Bypass Vulnerability with a base score of 4.3.
  61. CVE-2025-21333 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability with a base score of 7.8.
  62. CVE-2025-21334 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability with a base score of 7.8.
  63. CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability with a base score of 7.8.
  64. CVE-2025-21336 - Windows Cryptographic Information Disclosure Vulnerability with a base score of 5.6.
  65. CVE-2025-21338 - GDI+ Remote Code Execution Vulnerability with a base score of 7.8.
  66. CVE-2025-21339 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  67. CVE-2025-21340 - Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability with a base score of 5.5.
  68. CVE-2025-21341 - Windows Digital Media Elevation of Privilege Vulnerability with a base score of 6.6.
  69. CVE-2025-21343 - Windows Web Threat Defense User Service Information Disclosure Vulnerability with a base score of 7.5.
  70. CVE-2025-21344 - Microsoft SharePoint Server Remote Code Execution Vulnerability with a base score of 7.8.
  71. CVE-2025-21345 - Microsoft Office Visio Remote Code Execution Vulnerability with a base score of 7.8.
  72. CVE-2025-21346 - Microsoft Office Security Feature Bypass Vulnerability with a base score of 7.1.
  73. CVE-2025-21348 - Microsoft SharePoint Server Remote Code Execution Vulnerability with a base score of 7.2.
  74. CVE-2025-21354 - Microsoft Excel Remote Code Execution Vulnerability with a base score of 7.8.
  75. CVE-2025-21356 - Microsoft Office Visio Remote Code Execution Vulnerability with a base score of 7.8.
  76. CVE-2025-21357 - Microsoft Outlook Remote Code Execution Vulnerability with a base score of 6.7.
  77. CVE-2025-21360 - Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability with a base score of 7.8.
  78. CVE-2025-21361 - Microsoft Outlook Remote Code Execution Vulnerability with a base score of 7.8.
  79. CVE-2025-21362 - Microsoft Excel Remote Code Execution Vulnerability with a base score of 7.8.
  80. CVE-2025-21363 - Microsoft Word Remote Code Execution Vulnerability with a base score of 7.8.
  81. CVE-2025-21364 - Microsoft Excel Security Feature Bypass Vulnerability with a base score of 7.8.
  82. CVE-2025-21365 - Microsoft Office Remote Code Execution Vulnerability with a base score of 7.8.
  83. CVE-2025-21366 - Microsoft Access Remote Code Execution Vulnerability with a base score of 7.8.
  84. CVE-2025-21370 - Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability with a base score of 7.8.
  85. CVE-2025-21372 - Microsoft Brokering File System Elevation of Privilege Vulnerability with a base score of 7.8.
  86. CVE-2025-21374 - Windows CSC Service Information Disclosure Vulnerability with a base score of 5.5.
  87. CVE-2025-21378 - Windows CSC Service Elevation of Privilege Vulnerability with a base score of 7.8.
  88. CVE-2025-21380 - Azure Marketplace SaaS Resources Information Disclosure Vulnerability with a base score of 8.8.
  89. CVE-2025-21382 - Windows Graphics Component Elevation of Privilege Vulnerability with a base score of 7.8.
  90. CVE-2025-21385 - Microsoft Purview Information Disclosure Vulnerability with a base score of 8.8.
  91. CVE-2025-21389 - Windows upnphost.dll Denial of Service Vulnerability with a base score of 7.5.
  92. CVE-2025-21393 - Microsoft SharePoint Server Spoofing Vulnerability with a base score of 6.3.
  93. CVE-2025-21395 - Microsoft Access Remote Code Execution Vulnerability with a base score of 7.8.
  94. CVE-2025-21402 - Microsoft Office OneNote Remote Code Execution Vulnerability with a base score of 7.8.
  95. CVE-2025-21403 - On-Premises Data Gateway Information Disclosure Vulnerability with a base score of 6.4.
  96. CVE-2025-21405 - Visual Studio Elevation of Privilege Vulnerability with a base score of 7.3.
  97. CVE-2025-21409 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  98. CVE-2025-21411 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  99. CVE-2025-21413 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.
  100.  CVE-2025-21417 - Windows Telephony Service Remote Code Execution Vulnerability with a base score of 8.8.

Add a Comment
Related
Fortinet (1)
Fortinet Firewalls Targeted by Hackers Exploiting Zero-Day Vulnerability
Google OAuth Vulnerability Exposes Sensitive Data Through Defunct Domain Exploitation
Zoom Vulnerability Patched
Zoom Patches Several Flaws That Enable Privilege Escalation and Denial of Service 
China State Sponsered Spies
New Ivanti VPN Zero-Day Exploit Suspected to Come from China-Backed Cyber Spies
Mitel and Oracle Systems Flaws Under Active Exploitation, CISA Warns
License Plate Camera Reader
US License Plate Readers Leak Live Streams and Vehicle Data due to Misconfiguration
Most Popular
University of Oklahoma
Fog Ransomware Group Claims University of Oklahoma Data Breach, Exfiltrates 91GB of Data
Google OAuth Vulnerability Exposes Sensitive Data Through Defunct Domain Exploitation
Alto Knights
Everything About The Alto Knights Movie: Robert De Niro’s Double role & Latest Trailer Insights
Younger
Younger: Is Season 8 Possible? What Happens to Liza and Josh in the end?
90 Day Fiancé
90 Day Fiancé Season 11 cast: The First-Ever Throuple and a Trans Couple!
Skeleton Crew
Is Skeleton Crew Season 2 Happening? Latest Updates & what we know so far
Fog Ransomware Group Claims University of Oklahoma Data Breach, Exfiltrates 91GB of Data
Google OAuth Vulnerability Exposes Sensitive Data Through Defunct Domain Exploitation
Everything About The Alto Knights Movie: Robert De Niro’s Double role & Latest Trailer Insights
Younger: Is Season 8 Possible? What Happens to Liza and Josh in the end?
90 Day Fiancé Season 11 cast: The First-Ever Throuple and a Trans Couple!
Is Skeleton Crew Season 2 Happening? Latest Updates & what we know so far

Most Popular
University of Oklahoma
Fog Ransomware Group Claims University of Oklahoma Data Breach, Exfiltrates 91GB of Data
Google OAuth Vulnerability Exposes Sensitive Data Through Defunct Domain Exploitation
Alto Knights
Everything About The Alto Knights Movie: Robert De Niro’s Double role & Latest Trailer Insights
Younger
Younger: Is Season 8 Possible? What Happens to Liza and Josh in the end?
90 Day Fiancé
90 Day Fiancé Season 11 cast: The First-Ever Throuple and a Trans Couple!
Skeleton Crew
Is Skeleton Crew Season 2 Happening? Latest Updates & what we know so far
Fog Ransomware Group Claims University of Oklahoma Data Breach, Exfiltrates 91GB of Data
Google OAuth Vulnerability Exposes Sensitive Data Through Defunct Domain Exploitation
Everything About The Alto Knights Movie: Robert De Niro’s Double role & Latest Trailer Insights
Younger: Is Season 8 Possible? What Happens to Liza and Josh in the end?
90 Day Fiancé Season 11 cast: The First-Ever Throuple and a Trans Couple!
Is Skeleton Crew Season 2 Happening? Latest Updates & what we know so far

© 2025 TechNadu, a part of Leaprove Media LLP. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: