Microsoft has released its first security update of 2025, addressing 159 vulnerabilities, including eight zero-day flaws, with three already being actively exploited in the wild.
The January 2025 Patch Tuesday release encompasses a wide range of security fixes, with twelve vulnerabilities classified as "Critical."
The most pressing concerns are three actively exploited zero-day vulnerabilities (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) affecting Windows Hyper-V NT Kernel Integration VSP. These flaws could allow attackers to gain SYSTEM privileges on Windows devices.
Microsoft reports that these sequentially numbered vulnerabilities were likely discovered through related attack patterns, though specific exploitation details remain undisclosed.
Among the remaining vulnerabilities, the patch addresses 58 remote code execution flaws, 40 elevation of privilege issues, 24 information disclosure vulnerabilities, 20 denial of service problems, 14 security feature bypass vulnerabilities, and 5 spoofing vulnerabilities.
Notably, the update includes fixes for several publicly disclosed zero-days, including CVE-2025-21275, a Windows App Package Installer elevation of privilege vulnerability, and CVE-2025-21308, a Windows Themes spoofing vulnerability discovered by Blaz Satler of 0patch by ACROS Security. The latter could be exploited when users view specially crafted Theme files in Windows Explorer, potentially exposing NTLM credentials to attackers.
Microsoft has also addressed three remote code execution vulnerabilities in Microsoft Access (CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395). As a mitigation measure, Microsoft is now blocking various Access document types (.accdb, .accde, .accdw, .accdt, .accda, .accdr, and .accdu) when received via email.
The updates are recommended for all users because they close security gaps and introduce improvements. The patches are rolling out to all users of the still fully supported versions of Windows 10 and Windows 11. Microsoft lists all changes and available variants for desktop and server in the Windows update history and has published the corresponding knowledge base articles. We have compiled the available updates.
Here is the list of the vulnerabilities Microsoft fixed in the January 2025 Security Update.
CVE Number | CVE Title | Impact | Max Severity |
---|---|---|---|
CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing | Important |
CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability | Spoofing | Important |
CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability | Elevation of Privilege | Critical |
CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21308 | Windows Themes Spoofing Vulnerability | Spoofing | Important |
CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21231 | IP Helper Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21217 | Windows NTLM Spoofing Vulnerability | Spoofing | Important |
CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability | Spoofing | Important |
CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21173 | .NET Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21171 | .NET Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass | | |
CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager | Information Disclosure | Important |
The updates can be obtained via the Windows Update function, via the Microsoft Update Catalog or via Windows Server Update Services (WSUS). Also, users can install today's update by going to Start > Settings > Windows Update and clicking on 'Check for Updates.'
Windows 10 January 2025 Patch Tuesday updates (KB5049981 / KB5050008 / KB5049993 / KB5050013):
- Version 21H2, 22H2: KB5049981 (Build 19044.5371, 19045.5371)
- Version 1809: KB5050008 (Build 17763.6775)
- Version 1607, Windows Server 2016: KB5049993 (Build 14393.7699)
- Version 1507: KB5050013 (Build 10240.20890)
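
To confirm that a Windows 10 host has actually received one of the updates listed above, compare its build and update revision (UBR) with the patched build numbers. The following PowerShell is an added example, not Microsoft's code or part of the original article; the function names `Test-Jan2025Patched` and `Get-LocalBuildString` are hypothetical, and the sample build strings at the end are constructed for illustration.

```powershell
# Added example. Minimum patched revision (UBR) per Windows 10 build,
# taken from the KB/build list above.
$Jan2025MinUbr = @{
    19044 = 5371    # Version 21H2, KB5049981
    19045 = 5371    # Version 22H2, KB5049981
    17763 = 6775    # Version 1809, KB5050008
    14393 = 7699    # Version 1607 / Windows Server 2016, KB5049993
    10240 = 20890   # Version 1507, KB5050013
}

# Hypothetical helper: classify a 'build.revision' string such as '19045.5371'.
function Test-Jan2025Patched {
    param([Parameter(Mandatory)][string]$BuildString)

    if ($BuildString -match '^(\d+)\.(\d+)$') {
        $build = [int]$Matches[1]
        $ubr   = [int]$Matches[2]
    } else {
        return 'Invalid'      # not in build.revision form
    }

    if (-not $Jan2025MinUbr.ContainsKey($build)) {
        return 'NotListed'    # build is not in the list on this page
    }
    if ($ubr -ge $Jan2025MinUbr[$build]) {
        return 'Patched'      # at or above the January 2025 revision
    }
    return 'Missing'          # listed build, but revision predates the update
}

# Hypothetical helper: read the local build.revision from the registry (Windows only).
function Get-LocalBuildString {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
}

# Constructed sample inventory, e.g. values exported from an asset database.
$samples = '19045.5371', '19045.5000', '17763.6775', '14393.7000', '99999.1', 'unknown'

foreach ($s in $samples) {
    [pscustomobject]@{
        Build  = $s
        Status = Test-Jan2025Patched -BuildString $s
    }
}

# On a Windows host, check the local machine:
# Test-Jan2025Patched -BuildString (Get-LocalBuildString)
```

A result of `NotListed` means only that the build does not appear in the Windows 10 list on this page (for example Windows 11), not that the host is patched.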