Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days

Patch Tuesday: Microsoft’s January Patch Tuesday rollout includes fixes for 160 security defects, the largest number of CVEs addressed in any single month since at least 2017.

Microsoft’s struggles with zero-days have stretched into 2025 with fresh news of a trio of already-exploited vulnerabilities in the Windows Hyper-V platform.

The software giant on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation exploits.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in a series of barebones advisories.

As is customary, the company did not release technical details or IOCs (indicators of compromise) to help defenders hunt for signs of compromise.

The three exploited zero-days — CVE-2025-21334, CVE-2025-21333 and CVE-2025-21335 — affect the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) that handles efficient resource ...