Microsoft Releases January 2025 Security Updates

Jan 16, 2025 GMT+08:00

I. Overview

Microsoft has released its January 2025 Security Updates. A total of 157 security vulnerabilities have been disclosed, 10 of which are marked as important. Attackers can exploit these vulnerabilities to achieve remote code execution, privilege escalation, and security feature bypass. The affected applications include Microsoft Windows, Microsoft Office, Microsoft Visual Studio, and .NET.

For details, visit the Microsoft official website:

January 2025 Security Updates

The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability (CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335): These are zero-day vulnerabilities. Authenticated local attackers can exploit them to gain SYSTEM privileges. They have been exploited in the wild, and the risk is high.

Microsoft Access Remote Code Execution Vulnerability (CVE-2025-21186, CVE-2025-21366 and CVE-2025-21395): These are zero-day vulnerabilities. An attacker uses social engineering to convince a victim to download and open a specially crafted file from a website, thereby triggering the vulnerability. Successful exploitation allows the attacker to execute arbitrary code on the compromised system. The vulnerabilities have been disclosed, and the risk is high.

Windows App Package Installer Elevation of Privilege Vulnerability (CVE-2025-21275): This is a zero-day vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The vulnerability has been disclosed, and the risk is high.

Windows Themes Spoofing Vulnerability (CVE-2025-21308): This is a zero-day vulnerability. To exploit this vulnerability, an attacker would have to convince the user to load a malicious file onto a vulnerable system, and then convince the user to manipulate the specially crafted file. The vulnerability has been disclosed, and the risk is high.

17 vulnerabilities (such as CVE-2025-21298, CVE-2025-21292, and CVE-2025-21354) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-checks and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity levels: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Visual Studio, and .NET.

IV. Vulnerability Details

| CVE No. | Vulnerability | Severity | Description |
| --- | --- | --- | --- |
| CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability | Important | Successful exploitation of this vulnerability requires an attacker to win a race condition. This vulnerability could lead to remote code execution on the target system. |
| CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Important | An attacker who successfully exploited this vulnerability could achieve remote code execution without user interaction. |
| CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability | Important | An attacker could exploit the vulnerability by sending a specially crafted email to the victim. Successful exploitation of this vulnerability can cause remote code execution on the target system. |
| CVE-2025-21297, CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Important | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. |
| CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability | Important | A remote attacker who successfully exploited the vulnerability could gain elevated privileges on the target system. |
| CVE-2025-21354, CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability | Important | Attackers employ social engineering tactics to persuade victims to download and open specially crafted files from websites, resulting in local attacks on their computers. |
| CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Important | An attacker could successfully exploit this vulnerability by connecting to a system which requires digest authentication, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. |
| CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Important | An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. Successful exploitation of this vulnerability may cause remote code execution on the target server. |

(Note: The vulnerabilities listed above are the important ones. For more information, refer to the official Microsoft website.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.