Microsoft January 2025 Patch Tuesday Comes with Fix for 159 Vulnerabilities

Microsoft’s January 2025 Patch Tuesday has arrived with a significant security update, addressing a total of 159 vulnerabilities.

This marks the largest number of CVEs addressed in a single month since at least 2017, more than doubling the usual amount fixed in January.

Out of the 159 CVEs, 11 are classified as critical security flaws. Fortunately, none of these critical vulnerabilities are currently being exploited in the wild.

However, it’s important to note that this situation can change rapidly, as “Patch Tuesday” is often followed by “Exploit Wednesday,” when newly disclosed flaws come under active attack.

Three vulnerabilities rated as important are currently under active exploit:-

1. CVE-2025-21333
2. CVE-2025-21334
3. CVE-2025-21335

These flaws target the Windows Hyper-V NT Kernel Integration component, allowing threat actors to elevate privileges from restricted users to administrator access.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Affected Services and ...