Security Sophos

159-CVE January Patch Tuesday smashes single-month record

January 14, 2025 0 Comments cve-2025-21298, featured, Microsoft, Microsoft Windows, ole, Patch Tuesday, RTF, threat research

Credit to Author: Angela Gunn| Date: Wed, 15 Jan 2025 03:09:41 +0000

Microsoft on Tuesday released 159 patches touching 13 product families. Nine of the addressed issues are considered by Microsoft to be of Critical severity, and 43 have a CVSS base score of 8.0 or higher. Three are under active exploit in the wild. One can best be mitigated by “configur[ing] Microsoft Outlook to read all standard mail in plain text.”

The unprecedented patch haul falls mainly to Windows, with 132 patches applicable to the operating system. (132 patches would itself quality as the third-largest release since 2020.) Within that group, a number of themes emerge – 28 remote-code-execution patches affecting Windows Telephony Services, for instance, or the 17 elevation-of-privilege issues addressed in Windows Digital Media. Eight of the Windows patches are critical-severity, including the OLE-involved Outlook bug noted above. (We’ll look more closely at that situation in a minute.)

At patch time, three important-severity EoP issues, all titled “Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,” are known to be under exploit in the wild, with 17 additional CVEs more likely to be exploited in the next 30 days by the company’s estimation. Two of this month’s issues are amenable to detection by Sophos protections, and we include information on those in a table below.

In addition to these patches, the release includes advisory information on Servicing Stack Updates, as well as information on the month’s single Edge patch (there is also an Internet Explorer patch, as we’ll discuss below) and two issues covered in the release but already mitigated by Microsoft. We are as always including at the end of this post additional appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family; an appendix covering the advisory-style updates; and a breakout of the 130 patches affecting the various Windows Server platforms still in support.

Total CVEs: 159
Publicly disclosed: 3
Exploit detected: 3
Severity
- Critical: 9
- Important: 150
Impact
- Remote Code Execution: 58
- Elevation of Privilege: 40
- Information Disclosure: 22
- Denial of Service: 20
- Security Feature Bypass: 14
- Spoofing: 5
CVSS base score 9.0 or greater: 3
CVSS base score 8.0 or greater: 40

Figure 1: Though RCE continues to rule the roost, a variety of impacts are represented in the first patch haul of the year

Products

Windows: 132
365: 13
Office: 13
Visual Studio: 7
.NET: 4
Access: 3
SharePoint: 3
Office for Mac: 2
AutoUpdate for Mac: 1
Excel: 1
Outlook: 1
On-Premises Data Gateway: 1
Power Automate: 1

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect.

Figure 2: All but two of January’s Windows patches apply to the server-side OS. As for the rest, Office for Mac gets a single patch all to iteself and shares one with other versions of Office

Notable January updates

In addition to the issues discussed above, a number of specific items merit attention.

CVE-2025-21298 — Windows OLE Remote Code Execution Vulnerability

With a CVSS base score of 9.8, this critical-severity issue is already attention-getting, but it’s even more exciting than that. This is an RTF (Rich Text Format) issue, so though it must be corrected in Windows it applies to various products, in particular email. Since the flaw can be triggered in Preview Pane, an attacker deploying this vulnerability would have to do nothing more than send a malicious email to the target; even if the user doesn’t click on anything, simply viewing it is sufficient to set off RCE. Fortunately it’s not yet believed to be under active exploit in the wild – the finders worked with The Zero-Day Initiative to bring it to Microsoft’s attention – but it’s reasonable to assume the clock is ticking. As noted above, the company does indeed recommend that users stick with reading their email in plaintext, and gives the instructions for configuring individual machines to do so in Outlook. Users of other email programs will wish to take note and act accordingly.

CVE-2025-21311 — Windows NTLM V1 Elevation of Privilege Vulnerability

Another 9.8 on CVSS’s scale, this one applies to Microsoft’s most recent offerings (Windows 11 24H2, Server 2022 23H2, Server 2025) and is relatively easy to mitigate by setting LmCompatibilityLevel to its maximum value of 5, thus disallowing usage of the MTLMv1 protocol. That’s good, because the vulnerability is remotely exploitable, requires no particular knowledge of the target system, and has a high success rate.

CVE-2025-21366, CVE-2025-21395, CVE-2025-21186 – all Microsoft Access Remote Code Execution Vulnerability

Continuing this month’s theme of “changes to email functionality that’ll make end users cranky,” the patches for these CVEs all block seven potentially malicious extensions (.accda, .accdb, .accde, .accdr, accdt, .accdu, .accdw) from being sent via email. Microsoft states that the recipient will get a notification that there was an attachment but that it cannot be accessed. All three issues are RCE aimed at RDP, and all three are already publicly known.

CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370 – various titles

Eight of this month’s patches involve Virtual Secure Mode components, which means that administrators need to follow Microsoft’s guidance for updating virtualization-based security (VBS) issues.

CVE-2025-21343 — Windows Web Threat Defense User Service Information Disclosure Vulnerability

An Important-severity information-disclosure issue, this oddity can, if exploited, allow the attacker to capture screenshots of another user’s session. It’s likewise rather specific in scope, affecting only Windows 11 22H2, 23H2, and 24H2. It was submitted to Microsoft by an uncommon finder, the Australian Signals Directorate.

CVE-2025-21326 — Internet Explorer Remote Code Execution Vulnerability

Seems like old times with a name like that, but this important-severity RCE affects not the browser of yore but Windows Server 2022 23H2 and Windows Server 2025.

Figure 3: This spike at the right edge? There we are

Sophos protections

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of January patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Remote Code Execution (58 CVEs)

Critical severity
CVE-2025-21178	Visual Studio Remote Code Execution Vulnerability
CVE-2025-21294	Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21295	SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296	BranchCache Remote Code Execution Vulnerability
CVE-2025-21297	Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298	Windows OLE Remote Code Execution Vulnerability
CVE-2025-21307	Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309	Windows Remote Desktop Services Remote Code Execution Vulnerability
Important severity
CVE-2025-21171	.NET Remote Code Execution Vulnerability
CVE-2025-21172	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176	.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21186	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21187	Microsoft Power Automate Remote Code Execution Vulnerability
CVE-2025-21223	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224	Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21233	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21236	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21243	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21250	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21252	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21266	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21273	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21282	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21286	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21291	Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21302	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21305	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21306	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21326	Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21338	GDI+ Remote Code Execution Vulnerability
CVE-2025-21339	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21344	Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21345	Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21348	Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21354	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356	Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21357	Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361	Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21362	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21363	Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21365	Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21366	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21402	Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21409	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417	Windows Telephony Service Remote Code Execution Vulnerability

Elevation of Privilege (40 CVEs)

Critical severity
CVE-2025-21311	Windows NTLM V1 Elevation of Privilege Vulnerability
Important severity
CVE-2025-21173	.NET Elevation of Privilege Vulnerability
CVE-2025-21202	Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21226	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21232	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21234	Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235	Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21249	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21255	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21258	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21265	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21271	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21275	Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21281	Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21287	Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21292	Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21293	Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21304	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21310	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21315	Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21324	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21327	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21331	Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21333	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21341	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21360	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-21370	Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21372	Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21378	Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21382	Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21405	Visual Studio Elevation of Privilege Vulnerability

Information Disclosure (22 CVEs)

Important severity
CVE-2024-50338	GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVE-2025-21210	Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21214	Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21215	Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21220	Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21242	Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21257	Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21272	Windows COM Server Information Disclosure Vulnerability
CVE-2025-21288	Windows COM Server Information Disclosure Vulnerability
CVE-2025-21301	Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21312	Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21316	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21318	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21319	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21320	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21321	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21323	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21336	Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21343	Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21374	Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21403	On-Premises Data Gateway Information Disclosure Vulnerability

Denial of Service (20 CVEs)

Important severity
CVE-2025-21207	Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21218	Windows Kerberos Denial of Service Vulnerability
CVE-2025-21225	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21230	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231	IP Helper Denial of Service Vulnerability
CVE-2025-21251	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21270	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21274	Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21276	Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21277	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21278	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21280	Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21284	Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21285	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21289	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21300	Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21313	Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21330	Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21389	Windows upnphost.dll Denial of Service Vulnerability

Security Feature Bypass (14 CVEs)

Important severity
CVE-2024-7344	Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21211	Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213	Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21219	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21268	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269	Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21299	Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21328	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21332	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21340	Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21346	Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21364	Microsoft Excel Security Feature Bypass Vulnerability

Spoofing (5 CVEs)

Important severity
CVE-2025-21193	Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21217	Windows Mark of the Web Spoofing Vulnerability
CVE-2025-21308	Windows Themes Spoofing Vulnerability
CVE-2025-21314	Windows SmartScreen Spoofing Vulnerability
CVE-2025-21393	Microsoft SharePoint Server Spoofing Vulnerability

Appendix B: Exploitability

This is a list of the January CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited in the wild within the first 30 days post-release. The list is arranged by CVE.

Exploitation detected
CVE-2025-21333	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Exploitation more likely within the next 30 days
CVE-2025-21189	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21210	Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21219	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21268	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269	Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21292	Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21298	Windows OLE Remote Code Execution Vulnerability
CVE-2025-21299	Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21309	Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21314	Windows SmartScreen Spoofing Vulnerability
CVE-2025-21315	Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21328	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21354	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21364	Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365	Microsoft Office Remote Code Execution Vulnerability

Appendix C: Products Affected

This is a list of January’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Issues affecting Windows Server are further sorted in Appendix E. Please note that Office for Mac has a standalone entry for CVE-2025-21361, which affects only that platform.

Windows (132 CVEs)

Critical severity
CVE-2025-21294	Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21295	SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296	BranchCache Remote Code Execution Vulnerability
CVE-2025-21297	Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298	Windows OLE Remote Code Execution Vulnerability
CVE-2025-21307	Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309	Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21311	Windows NTLM V1 Elevation of Privilege Vulnerability
Important severity
CVE-2024-7344	Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21193	Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21202	Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21207	Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21210	Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21211	Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213	Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21214	Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21215	Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21217	Windows Mark of the Web Spoofing Vulnerability
CVE-2025-21218	Windows Kerberos Denial of Service Vulnerability
CVE-2025-21219	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21220	Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21223	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224	Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21225	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21226	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21230	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231	IP Helper Denial of Service Vulnerability
CVE-2025-21232	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21233	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21234	Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235	Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21236	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21242	Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21243	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21249	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21250	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21251	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21252	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21255	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21257	Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21258	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21265	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21266	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21268	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269	Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21270	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21271	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21272	Windows COM Server Information Disclosure Vulnerability
CVE-2025-21273	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21274	Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21275	Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21276	Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21277	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21278	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21280	Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21281	Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21282	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21284	Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21285	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21286	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21287	Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21288	Windows COM Server Information Disclosure Vulnerability
CVE-2025-21289	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21291	Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21292	Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21293	Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21299	Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21300	Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21301	Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21302	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21304	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21305	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21306	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21308	Windows Themes Spoofing Vulnerability
CVE-2025-21310	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21312	Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21313	Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21314	Windows SmartScreen Spoofing Vulnerability
CVE-2025-21315	Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21316	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21318	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21319	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21320	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21321	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21323	Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21324	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21326	Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21327	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21328	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21330	Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21331	Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21332	MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21333	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21336	Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21338	GDI+ Remote Code Execution Vulnerability
CVE-2025-21339	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21340	Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21341	Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21343	Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21370	Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21372	Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21374	Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21378	Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21382	Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21389	Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21409	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413	Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417	Windows Telephony Service Remote Code Execution Vulnerability

365 (13 CVEs)

Important severity
CVE-2025-21186	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21345	Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21346	Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21354	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356	Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21357	Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21362	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21363	Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21364	Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365	Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21366	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21402	Microsoft Office OneNote Remote Code Execution Vulnerability

Office (13 CVEs)

Important severity
CVE-2025-21186	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21338	GDI+ Remote Code Execution Vulnerability
CVE-2025-21366	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21362	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21345	Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21346	Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21354	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356	Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21363	Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21364	Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365	Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21357	Microsoft Outlook Remote Code Execution Vulnerability

Visual Studio (7 CVEs)

Critical severity
CVE-2025-21178	Visual Studio Remote Code Execution Vulnerability
Important severity
CVE-2024-50338	GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVE-2025-21171	.NET Remote Code Execution Vulnerability
CVE-2025-21172	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21173	.NET Elevation of Privilege Vulnerability
CVE-2025-21176	.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21405	Visual Studio Elevation of Privilege Vulnerability

.NET (4 CVEs)

Important severity
CVE-2025-21171	.NET Remote Code Execution Vulnerability
CVE-2025-21172	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21173	.NET Elevation of Privilege Vulnerability
CVE-2025-21176	.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Access (3 CVEs)

Important severity
CVE-2025-21186	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21366	Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395	Microsoft Access Remote Code Execution Vulnerability

SharePoint (3 CVEs)

Important severity
CVE-2025-21344	Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21348	Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21393	Microsoft SharePoint Server Spoofing Vulnerability

Office for Mac (2 CVEs)

Important severity
CVE-2025-21338	Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361	GDI+ Remote Code Execution Vulnerability

AutoUpdate for Mac (1 CVE)

Important severity
CVE-2025-21360	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Excel (1 CVE)

Important severity
CVE-2025-21362	Microsoft Excel Remote Code Execution Vulnerability

Outlook (1 CVE)

Important severity
CVE-2025-21357	Microsoft Outlook Remote Code Execution Vulnerability

On-Premises Data Gateway (1 CVE)

Important severity
CVE-2025-21403	On-Premises Data Gateway Information Disclosure Vulnerability

Power Automate (1 CVE)

Important severity
CVE-2025-21187	Microsoft Power Automate Remote Code Execution Vulnerability

Appendix D: Advisories and Other Products

This is a list of advisories and information on other relevant CVEs in the January release. The issues addressed in the three CVEs have already been mitigated by Microsoft, but were listed in the release in the interests of transparency.

Microsoft information:

CVE / identifier	Product	Title
ADV990001		Latest Servicing Stack Updates
CVE-2025-21185	Edge	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Elevation of Privilege	N/A
CVE-2025-21380	Marketplace SaaS	Azure Marketplace SaaS Resources Information Disclosure Vulnerability	Information Disclosure	Critical
CVE-2025-21385	Purview	Microsoft Purview Information Disclosure Vulnerability	Information Disclosure	Critical

There are no Adobe advisories in this month’s release.

Appendix E: Affected Windows Server versions

This is a table of CVEs in the January release affecting nine Windows Server versions, 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (eg., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft.

	2008	2008-R2	2012	2012-R2	2016	2019	2022	2022 23H2	2025
CVE-2024-7344	×	×	■	■	■	■	■	■	■
CVE-2025-21189	×	×	×	■	■	■	■	■	■
CVE-2025-21193	×	×	×	×	■	■	■	■	■
CVE-2025-21202	×	×	×	×	■	■	■	■	■
CVE-2025-21207	×	×	×	×	×	■	■	■	■
CVE-2025-21210	■	■	■	■	■	■	■	■	■
CVE-2025-21211	×	×	■	■	■	■	■	■	■
CVE-2025-21213	×	×	■	■	■	■	■	■	■
CVE-2025-21214	■	■	■	■	■	■	■	■	■
CVE-2025-21215	■	■	■	■	■	■	■	■	■
CVE-2025-21217	■	■	■	■	■	■	■	■	■
CVE-2025-21218	×	×	■	■	■	■	■	■	■
CVE-2025-21219	×	×	×	×	■	■	■	■	■
CVE-2025-21220	■	■	■	■	■	■	■	■	■
CVE-2025-21223	■	■	■	■	■	■	■	■	■
CVE-2025-21224	×	×	×	×	×	×	■	■	■
CVE-2025-21225	×	×	×	×	■	■	■	■	■
CVE-2025-21226	■	■	■	■	■	■	■	■	■
CVE-2025-21227	■	■	■	■	■	■	■	■	■
CVE-2025-21228	■	■	■	■	■	■	■	■	■
CVE-2025-21229	×	×	■	■	■	■	■	■	■
CVE-2025-21230	■	■	■	■	■	■	■	■	■
CVE-2025-21231	■	■	■	■	■	■	■	■	■
CVE-2025-21232	■	■	■	■	■	■	■	■	■
CVE-2025-21233	■	■	■	■	■	■	■	■	■
CVE-2025-21234	×	×	×	×	×	×	■	■	■
CVE-2025-21235	×	×	×	×	×	×	■	■	■
CVE-2025-21236	■	■	■	■	■	■	■	■	■
CVE-2025-21237	■	■	■	■	■	■	■	■	■
CVE-2025-21238	■	■	■	■	■	■	■	■	■
CVE-2025-21239	×	×	×	×	■	■	■	■	■
CVE-2025-21240	■	■	■	■	■	■	■	■	■
CVE-2025-21241	×	×	×	×	■	■	■	■	■
CVE-2025-21242	×	■	■	■	■	■	■	■	■
CVE-2025-21243	■	■	■	■	■	■	■	■	■
CVE-2025-21244	■	■	■	■	■	■	■	■	■
CVE-2025-21245	■	■	■	■	■	■	■	■	■
CVE-2025-21246	■	■	■	■	■	■	■	■	■
CVE-2025-21248	×	×	×	×	■	■	■	■	■
CVE-2025-21249	■	■	■	■	■	■	■	■	■
CVE-2025-21250	■	■	■	■	■	■	■	■	■
CVE-2025-21251	■	■	■	■	■	■	■	■	■
CVE-2025-21252	■	■	■	■	■	■	■	■	■
CVE-2025-21255	■	■	■	■	■	■	■	■	■
CVE-2025-21256	■	■	■	■	■	■	■	■	■
CVE-2025-21257	×	×	×	×	■	■	■	■	■
CVE-2025-21258	■	■	■	■	■	■	■	■	■
CVE-2025-21260	■	■	■	■	■	■	■	■	■
CVE-2025-21261	■	■	■	■	■	■	■	■	■
CVE-2025-21263	■	■	■	■	■	■	■	■	■
CVE-2025-21265	■	■	■	■	■	■	■	■	■
CVE-2025-21266	■	■	■	■	■	■	■	■	■
CVE-2025-21268	■	■	■	■	■	■	■	■	■
CVE-2025-21269	■	■	■	■	■	■	■	■	■
CVE-2025-21270	■	■	■	■	■	■	■	■	■
CVE-2025-21271	×	×	×	×	×	■	■	×	×
CVE-2025-21272	■	■	■	■	■	■	■	■	■
CVE-2025-21273	■	■	■	■	■	■	■	■	■
CVE-2025-21274	×	×	×	■	■	■	■	■	■
CVE-2025-21275	×	×	×	×	×	×	■	■	■
CVE-2025-21276	■	■	■	■	■	■	■	■	■
CVE-2025-21277	■	■	■	■	■	■	■	■	■
CVE-2025-21278	×	×	■	■	■	■	■	■	■
CVE-2025-21280	×	×	×	×	■	■	■	■	■
CVE-2025-21281	×	×	■	■	■	■	■	■	■
CVE-2025-21282	■	■	■	■	■	■	■	■	■
CVE-2025-21284	×	×	×	×	■	■	■	■	■
CVE-2025-21285	■	■	■	■	■	■	■	■	■
CVE-2025-21286	■	■	■	■	■	■	■	■	■
CVE-2025-21287	■	■	■	■	■	■	■	■	■
CVE-2025-21288	■	■	■	■	■	■	■	■	■
CVE-2025-21289	■	■	■	■	■	■	■	■	■
CVE-2025-21290	■	■	■	■	■	■	■	■	■
CVE-2025-21291	×	×	×	×	×	■	■	■	×
CVE-2025-21292	×	×	×	×	×	■	■	■	■
CVE-2025-21293	×	×	■	■	■	■	■	■	■
CVE-2025-21294	■	■	■	■	■	■	■	■	■
CVE-2025-21295	×	■	■	■	■	■	■	■	■
CVE-2025-21296	×	■	■	■	■	■	■	■	■
CVE-2025-21297	×	■	■	■	■	■	■	■	■
CVE-2025-21298	■	■	■	■	■	■	■	■	■
CVE-2025-21299	×	×	×	×	■	■	■	■	■
CVE-2025-21300	■	■	■	■	■	■	■	■	■
CVE-2025-21301	×	×	×	×	■	■	■	■	■
CVE-2025-21302	■	■	■	■	■	■	■	■	■
CVE-2025-21303	■	■	■	■	■	■	■	■	■
CVE-2025-21304	×	×	×	×	■	■	×	×	×
CVE-2025-21305	■	■	■	■	■	■	■	■	■
CVE-2025-21306	■	■	■	■	■	■	■	■	■
CVE-2025-21307	■	■	■	■	■	■	■	■	■
CVE-2025-21308	×	×	■	■	■	■	■	■	■
CVE-2025-21309	×	×	■	■	■	■	■	■	■
CVE-2025-21310	■	■	■	■	■	■	■	■	■
CVE-2025-21311	×	×	×	×	×	×	×	■	■
CVE-2025-21312	×	×	■	■	■	■	■	■	×
CVE-2025-21313	×	×	×	×	×	×	×	■	■
CVE-2025-21314	×	×	×	×	■	■	■	■	■
CVE-2025-21315	×	×	×	×	×	×	×	■	■
CVE-2025-21316	×	×	×	■	■	■	■	■	■
CVE-2025-21317	×	×	×	×	×	×	■	■	■
CVE-2025-21318	×	×	■	■	■	■	■	■	■
CVE-2025-21319	×	■	■	■	■	■	■	■	■
CVE-2025-21320	■	■	■	■	■	■	■	■	■
CVE-2025-21321	×	×	■	■	■	■	■	■	■
CVE-2025-21323	×	×	×	×	■	■	■	■	■
CVE-2025-21324	■	■	■	■	■	■	■	■	■
CVE-2025-21326	×	×	×	×	×	×	×	■	■
CVE-2025-21327	■	■	■	■	■	■	■	■	■
CVE-2025-21328	■	■	■	■	■	■	■	■	■
CVE-2025-21329	■	■	■	■	■	■	■	■	■
CVE-2025-21330	×	×	×	×	×	■	■	■	■
CVE-2025-21331	■	■	■	■	■	■	■	■	×
CVE-2025-21332	■	■	■	■	■	■	■	■	■
CVE-2025-21333	×	×	×	×	×	×	×	■	■
CVE-2025-21334	×	×	×	×	×	×	×	■	■
CVE-2025-21335	×	×	×	×	×	×	×	■	■
CVE-2025-21336	■	■	■	■	■	■	■	■	■
CVE-2025-21338	■	■	■	■	■	■	■	■	■
CVE-2025-21339	■	■	■	■	■	■	■	■	■
CVE-2025-21340	×	×	×	×	×	■	■	■	■
CVE-2025-21341	■	■	■	■	■	■	■	■	■
CVE-2025-21343	×	×	×	×	×	×	×	×	×
CVE-2025-21370	×	×	×	×	×	×	×	×	×
CVE-2025-21372	×	×	×	×	×	×	×	■	■
CVE-2025-21374	×	×	■	■	■	■	■	■	■
CVE-2025-21378	×	×	■	■	■	■	■	■	■
CVE-2025-21382	×	×	×	×	×	■	■	■	■
CVE-2025-21389	■	■	■	■	■	■	■	■	■
CVE-2025-21409	■	■	■	■	■	■	■	■	■
CVE-2025-21411	■	■	■	■	■	■	■	■	■
CVE-2025-21413	■	■	■	■	■	■	■	■	■
CVE-2025-21417	■	■	■	■	■	■	■	■	■

http://feeds.feedburner.com/sophos/dgdY

PossibleThreat Articles

159-CVE January Patch Tuesday smashes single-month record

Leave a Reply Cancel reply