Microsoft's Largest Patch Tuesday Since 2017: 161 Vulnerabilities Fixed in January 2025 Update

Microsoft has released its January 2025 Patch Tuesday update, with a total of 161 security vulnerabilities across its software portfolio. This makes it the largest number of CVEs (Common Vulnerabilities and Exposures) addressed in a single month by the company since at least 2017, according to the Zero Day Initiative. The update includes 11 vulnerabilities rated as Critical, 149 rated as Important, three zero-day vulnerabilities actively exploited in the wild, and five publicly known vulnerabilities, as reported by The Hacker News.

The three zero-day vulnerabilities (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) affect the Windows Hyper-V NT Kernel Integration VSP. All three have a CVSS score of 7.8 and could allow an attacker to gain system privileges. Microsoft has confirmed these vulnerabilities are being actively exploited.

Zero-day vulnerabilities are security flaws unknown to the software vendor that remain unpatched at the time of their discovery. They are called "zero-day" because the vendor ...