January Patch Tuesday sets new all-time high with 159-CVE rate

159-CVE January Patch Tuesday smashes single-month record

On Tuesday, Microsoft released 159 patches affecting 13 product families. Microsoft rates nine of the issues as Critical, and 43 have a CVSS base score exceeding 8.0. Three of these issues are being actively exploited in the wild. To mitigate one of these vulnerabilities, Microsoft recommends configuring Microsoft Outlook to display all standard mail in plain text.

The patches skew heavily toward Windows, with 132 of them aimed at the operating system alone. This marks the third-largest release by patch count since 2020. Several patterns stand out, including 28 remote-code-execution patches affecting Windows Telephony Services and 17 elevation-of-privilege issues addressed in Windows Digital Media. There are also eight Critical-severity Windows patches, including the critical OLE-related Outlook bug mentioned earlier.

At present, three Important-severity EoP issues, each titled “Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,” are actively targeted in the wild. Additionally, Microsoft estimates that 17 more CVEs could be exploited within the next 30 days. Sophos provides coverage for two of this month’s issues, detailed in a table below.

Alongside the patches, the release includes advisory information on Servicing Stack Updates, the month's single Edge patch (as well as an Internet Explorer patch, discussed later), and two issues already mitigated by Microsoft. Appendices at the end of the post list all Microsoft patches by severity, by predicted exploit likelihood, and by product family, and also list the 130 patches affecting the various still-supported Windows Server platforms.

  • Total CVEs: 159
  • Publicly disclosed: 3
  • Exploits detected: 3
  • Severity
    • Critical: 9
    • Important: 150
  • Impacts
    • Remote Code Execution: 58
    • Elevation of Privilege: 40
    • Information Disclosure: 22
    • Denial of Service: 20
    • Security Feature Bypass: 14
    • Spoofing: 5
  • CVSS base score 9.0 or higher: 3
  • CVSS base score 8.0 or higher: 40

A bar chart showing the distribution of severities of bugs patched in the January 2025 Patch Tuesday set, as described in the article text

Figure 1: Although RCE remains prominent, a diverse range of impacts is evident in the initial batch of patches for the year

Product Details

  • Windows: 132
  • 365: 13
  • Office: 13
  • Visual Studio: 7
  • .NET: 4
  • Access: 3
  • SharePoint: 3
  • Office for Mac: 2
  • AutoUpdate for Mac: 1
  • Excel: 1
  • Outlook: 1
  • On-Premises Data Gateway: 1
  • Power Automate: 1

Consistent with our protocol for this list, CVEs that impact multiple product families are counted separately for each affected family.

A bar chart representing the distribution of product families affected by bugs patched in the January 2025 Patch Tuesday set, as described in the article text

Figure 2: Nearly all of January’s Windows patches are targeted at the server-side OS. Meanwhile, Office for Mac receives an exclusive patch and shares another with different Office editions

Key Updates for January

Aside from the previously discussed issues, several specific items warrant attention.

CVE-2025-21298 — Windows OLE Remote Code Execution Vulnerability

This Critical-severity issue, with a CVSS base score of 9.8, is particularly noteworthy because it involves RTF (Rich Text Format). Although the fix is applied in Windows, the impact extends to various products, notably email. Because the bug is exploitable via the Preview Pane, an attacker merely needs to send a malicious email to the target; simply viewing the email can trigger RCE. Fortunately, there are no active exploits in the wild yet; however, given the severity, it’s plausible that the clock is ticking. As noted above, Microsoft recommends that users read email in plain text and provides instructions for configuring Outlook to do so. Users of other email software should also take suitable precautions.

CVE-2025-21311 — Windows NTLM V1 Elevation of Privilege Vulnerability

With a CVSS score of 9.8, this vulnerability affects Microsoft’s latest products (Windows 11 24H2, Server 2022 23H2, Server 2025) and can be easily mitigated by setting LmCompatibilityLevel to its maximum value of 5, which prohibits use of the NTLMv1 protocol. This matters because the vulnerability is remotely exploitable, requires minimal knowledge of the target system, and has a high success rate.
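
The two configuration mitigations described above (plain-text reading in Outlook for CVE-2025-21298, and LmCompatibilityLevel 5 for CVE-2025-21311) can be audited from PowerShell. This is an added example, not code from Microsoft or Sophos; the Office version key `16.0`, the function names and the report layout are assumptions to adjust for your own estate.

```powershell
#Requires -Version 5.1
# Added example: audit two registry-backed mitigations mentioned in the article.
# Assumptions (not from the article): Office version key "16.0", all function names.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns the DWORD value, or $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Meaning of each LmCompatibilityLevel value (the setting behind the
# "Network security: LAN Manager authentication level" policy).
$LmLevelMeaning = @{
    0 = 'Send LM and NTLM responses'
    1 = 'Send LM and NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM and NTLM'
}

function Test-NtlmV1Mitigation {
    $path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value = Get-RegDword -Path $path -Name 'LmCompatibilityLevel'
    $meaning = if ($null -eq $value) {
        'Not set (operating system default applies)'
    } elseif ($LmLevelMeaning.ContainsKey([int]$value)) {
        $LmLevelMeaning[[int]$value]
    } else {
        'Unrecognised value'
    }
    [pscustomobject]@{
        Check     = 'CVE-2025-21311: LmCompatibilityLevel'
        Path      = $path
        Value     = $value
        Meaning   = $meaning
        Compliant = ($value -eq 5)   # only level 5 refuses NTLMv1 outright
    }
}

function Test-OutlookPlainText {
    param([string]$OfficeVersion = '16.0')
    # A Group Policy value takes precedence over the per-user preference,
    # so the policy hive is checked first.
    $candidates = @(
        "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail",
        "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
    )
    foreach ($path in $candidates) {
        $value = Get-RegDword -Path $path -Name 'ReadAsPlain'
        if ($null -ne $value) {
            return [pscustomobject]@{
                Check     = 'CVE-2025-21298: Outlook ReadAsPlain'
                Path      = $path
                Value     = $value
                Meaning   = if ($value -eq 1) { 'Standard mail is read as plain text' }
                            else { 'Standard mail is rendered as sent (HTML/RTF)' }
                Compliant = ($value -eq 1)
            }
        }
    }
    [pscustomobject]@{
        Check     = 'CVE-2025-21298: Outlook ReadAsPlain'
        Path      = $candidates[1]
        Value     = $null
        Meaning   = 'Not set (mail is rendered as sent)'
        Compliant = $false
    }
}

function Set-Mitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path, [string]$Name, [int]$Value)
    if ($PSCmdlet.ShouldProcess("$Path\$Name", "Set DWORD to $Value")) {
        # New-Item -Force would wipe an existing key, so create it only if missing.
        if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        New-ItemProperty -Path $Path -Name $Name -Value $Value `
            -PropertyType DWord -Force | Out-Null
    }
}

# Report the current state of both mitigations for this machine and user.
$results = @(Test-NtlmV1Mitigation; Test-OutlookPlainText)
$results | Format-Table Check, Value, Compliant, Meaning -AutoSize

# Remediation, shown with -WhatIf so nothing changes until it is removed.
# Level 5 breaks clients that can only speak LM or NTLMv1; inventory them first.
# Set-Mitigation -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
#     -Name 'LmCompatibilityLevel' -Value 5 -WhatIf
# Set-Mitigation -Path 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail' `
#     -Name 'ReadAsPlain' -Value 1 -WhatIf
```

The Outlook check reads the current user's hive, so run it in the user's context; the NTLM check is machine-wide, and changing it requires an elevated session.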

CVE-2025-21366, CVE-2025-21395, CVE-2025-21186 – all Microsoft Access Remote Code Execution Vulnerability

This month’s patches for these CVEs prevent seven potentially malicious extensions (.accda, .accdb, .accde, .accdr, .accdt, .accdu, .accdw) from being transmitted via email. Recipients will receive a notification of an attachment that cannot be accessed. These three RCE issues target RDP and are all publicly known.

CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370 – various exploits

This month, administrators must follow Microsoft’s recommendations for addressing eight patches related to Virtual Secure Mode components, which focus on updating virtualization-based security (VBS) concerns.

CVE-2025-21343 – Windows Web Threat Defense User Service Information Leak Vulnerability

This Important-severity issue could, if exploited, allow an attacker to capture images of a different user’s session. It is also relatively narrow in its impact, affecting only Windows 11 versions 22H2, 23H2, and 24H2. The discovery was reported to Microsoft by an uncommon source, the Australian Signals Directorate.

CVE-2025-21326 — Internet Explorer Vulnerability with Remote Code Execution

Despite a name that echoes the past, this Important-severity RCE vulnerability affects not the historic browser but Windows Server versions 2022 23H2 and 2025.

A bar chart showing 61 months of overall CVE counts for Microsoft Patch Tuesdays since January 2020; the rightmost bar indicates the numbers for January 2025 and is taller than the rest

Figure 3: The peak seen at the far right? That’s where we are

 

Defenses by Sophos

CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall
CVE-2025-21299 | Exp/2521299-A | Exp/2521299-A
CVE-2025-21362 | sid:2310479 | sid:2310479

If you prefer not to wait for your system to automatically fetch Microsoft’s updates each month, you have the option to manually download them from the Windows Update Catalog website. Utilize the winver.exe utility to identify the specific version of Windows 10 or 11 that is installed on your system, and then retrieve the Cumulative Update package corresponding to your system’s architecture and build.

Appendix A: Impact and Severity of Vulnerabilities

Here are the January patches categorized by their impact, followed by their severity level. Each category is then sorted by CVE.

Remote Code Execution (58 CVEs)

Critical severity
CVE-2025-21178 Visual Studio Vulnerability for Remote Code Execution
CVE-2025-21294 Remote Code Execution Vulnerability in Microsoft Digest Authentication
CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Vulnerability for Remote Code Execution
CVE-2025-21296 BranchCache Vulnerability for Remote Code Execution
CVE-2025-21297 Remote Code Execution Vulnerability in Windows Remote Desktop Services
CVE-2025-21298 Windows OLE Vulnerability for Remote Code Execution
CVE-2025-21307 Remote Code Execution Vulnerability in Windows Reliable Multicast Transport Driver (RMCAST)
CVE-2025-21309 Remote Code Execution Vulnerability in Windows Remote Desktop Services
Important severity
CVE-2025-21171 .NET Vulnerability for Remote Code Execution
CVE-2025-21172 .NET and Visual Studio Vulnerability for Remote Code Execution
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Vulnerability for Remote Code Execution
CVE-2025-21186 Microsoft Access Vulnerability for Remote Code Execution
CVE-2025-21187 Microsoft Power Automate Vulnerability for Remote Code Execution
CVE-2025-21223 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21224 Remote Code Execution Vulnerability in Windows Line Printer Daemon (LPD) Service
CVE-2025-21233 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21236 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21237 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21238 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21239 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21240 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21241 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21243 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21244 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21245 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21246 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21248 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21250 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21252 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21266 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21273 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21282 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21286 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21291 Remote Code Execution Vulnerability in Windows Direct Show
CVE-2025-21302 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21303 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21305 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21306 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21338 GDI+ Remote Code Execution Weakness
CVE-2025-21339 Windows Telephony Service Remote Code Execution Weakness
CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Weakness
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Weakness
CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Weakness
CVE-2025-21354 Microsoft Excel Remote Code Execution Weakness
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Weakness
CVE-2025-21357 Microsoft Outlook Remote Code Execution Weakness
CVE-2025-21361 Microsoft Outlook Remote Code Execution Weakness
CVE-2025-21362 Microsoft Excel Remote Code Execution Weakness
CVE-2025-21363 Microsoft Word Remote Code Execution Weakness
CVE-2025-21365 Microsoft Office Remote Code Execution Weakness
CVE-2025-21366 Microsoft Access Remote Code Execution Weakness
CVE-2025-21395 Microsoft Access Remote Code Execution Weakness
CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Weakness
CVE-2025-21409 Windows Telephony Service Remote Code Execution Weakness
CVE-2025-21411 Windows Telephony Service Remote Code Execution Weakness
CVE-2025-21413 Windows Telephony Service Remote Code Execution Weakness
CVE-2025-21417 Windows Telephony Service Remote Code Execution Weakness

 

Elevation of Privilege (40 CVEs)

Critical severity
CVE-2025-21311 Windows NTLM V1 Privilege Escalation Weakness
Important severity
CVE-2025-21173 .NET Privilege Escalation Weakness
CVE-2025-21202 Windows Recovery Environment Agent Privilege Escalation Weakness
CVE-2025-21226 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21227 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21228 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21229 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21232 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21234 Windows PrintWorkflowUserSvc Privilege Escalation Weakness
CVE-2025-21235 Windows PrintWorkflowUserSvc Privilege Escalation Weakness
CVE-2025-21249 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21255 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21256 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21258 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21260 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21261 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21263 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21265 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Privilege Escalation Weakness
CVE-2025-21275 Windows App Package Installer Privilege Escalation Weakness
CVE-2025-21281 Microsoft COM for Windows Privilege Escalation Weakness
CVE-2025-21287 Windows Installer Privilege Escalation Weakness
CVE-2025-21292 Windows Search Service Privilege Escalation Weakness
CVE-2025-21293 Active Directory Domain Services Privilege Escalation Weakness
CVE-2025-21304 Microsoft DWM Core Library Privilege Escalation Weakness
CVE-2025-21310 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21315 Microsoft Brokering File System Privilege Escalation Weakness
CVE-2025-21324 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21327 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21331 Windows Installer Privilege Escalation Weakness
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Privilege Escalation Weakness
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Privilege Escalation Weakness
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Privilege Escalation Weakness
CVE-2025-21341 Windows Digital Media Privilege Escalation Weakness
CVE-2025-21360 Microsoft AutoUpdate (MAU) Privilege Escalation Weakness
CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Privilege Escalation Weakness
CVE-2025-21372 Microsoft Brokering File System Privilege Escalation Weakness
CVE-2025-21378 Windows CSC Service Privilege Escalation Weakness
CVE-2025-21382 Windows Graphics Component Privilege Escalation Weakness
CVE-2025-21405 Visual Studio Privilege Escalation Weakness

 

 

Information Disclosure (22 CVEs)

Important severity
CVE-2024-50338 GitHub: CVE-2024-50338 Malformed URL exposes details through git-credential-manager
CVE-2025-21210 Windows BitLocker Data Exposure Vulnerability
CVE-2025-21214 Windows BitLocker Data Exposure Vulnerability
CVE-2025-21215 Secure Boot Bypass Vulnerability
CVE-2025-21220 Microsoft Message Queuing Data Exposure Vulnerability
CVE-2025-21242 Windows Kerberos Data Exposure Vulnerability
CVE-2025-21257 Windows WLAN AutoConfig Service Data Exposure Vulnerability
CVE-2025-21272 Windows COM Server Data Exposure Vulnerability
CVE-2025-21288 Windows COM Server Data Exposure Vulnerability
CVE-2025-21301 Windows Geolocation Service Data Exposure Vulnerability
CVE-2025-21312 Windows Smart Card Reader Data Exposure Vulnerability
CVE-2025-21316 Windows Kernel Memory Data Exposure Vulnerability
CVE-2025-21317 Windows Kernel Memory Data Exposure Vulnerability
CVE-2025-21318 Windows Kernel Memory Data Exposure Vulnerability
CVE-2025-21319 Windows Kernel Memory Data Exposure Vulnerability
CVE-2025-21320 Windows Kernel Memory Data Exposure Vulnerability
CVE-2025-21321 Windows Kernel Memory Data Exposure Vulnerability
CVE-2025-21323 Windows Kernel Memory Data Exposure Vulnerability
CVE-2025-21336 Windows Cryptographic Data Exposure Vulnerability
CVE-2025-21343 Windows Web Threat Defense User Service Data Exposure Vulnerability
CVE-2025-21374 Windows CSC Service Data Exposure Vulnerability
CVE-2025-21403 On-Premises Data Gateway Data Exposure Vulnerability

 

Denial of Service (20 CVEs)

Important severity
CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Downtime Vulnerability
CVE-2025-21218 Windows Kerberos Downtime Vulnerability
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Downtime Vulnerability
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Downtime Vulnerability
CVE-2025-21231 IP Helper Downtime Vulnerability
CVE-2025-21251 Microsoft Message Queuing (MSMQ) Downtime Vulnerability
CVE-2025-21270 Microsoft Message Queuing (MSMQ) Downtime Vulnerability
CVE-2025-21274 Windows Event Tracing Downtime Vulnerability
CVE-2025-21276 Windows MapUrlToZone Downtime Vulnerability
CVE-2025-21277 Microsoft Message Queuing (MSMQ) Downtime Vulnerability
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Downtime Vulnerability
CVE-2025-21280 Windows Virtual Trusted Platform Module Downtime Vulnerability
CVE-2025-21284 Windows Virtual Trusted Platform Module Downtime Vulnerability
CVE-2025-21285 Microsoft Message Queuing (MSMQ) Downtime Vulnerability
CVE-2025-21289 Microsoft Message Queuing (MSMQ) Downtime Vulnerability
CVE-2025-21290 Microsoft Message Queuing (MSMQ) Downtime Vulnerability
CVE-2025-21300 Windows upnphost.dll Downtime Vulnerability
CVE-2025-21313 Windows Security Account Manager (SAM) Downtime Vulnerability
CVE-2025-21330 Windows Remote Desktop Services Downtime Vulnerability
CVE-2025-21389 Windows upnphost.dll Downtime Vulnerability

Security Feature Bypass (14 CVEs)

Important severity
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189 MapUrlToZone Security Mechanism Evasion Vulnerability
CVE-2025-21211 Secure Boot Bypass Vulnerability
CVE-2025-21213 Secure Boot Bypass Vulnerability
CVE-2025-21219 MapUrlToZone Security Mechanism Evasion Vulnerability
CVE-2025-21268 MapUrlToZone Security Mechanism Evasion Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Mechanism Evasion Vulnerability
CVE-2025-21299 Windows Kerberos Security Mechanism Evasion Vulnerability
CVE-2025-21328 MapUrlToZone Security Mechanism Evasion Vulnerability
CVE-2025-21329 MapUrlToZone Security Mechanism Evasion Vulnerability
CVE-2025-21332 MapUrlToZone Security Mechanism Evasion Vulnerability
CVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Mechanism Evasion Vulnerability
CVE-2025-21346 Microsoft Office Security Mechanism Evasion Vulnerability
CVE-2025-21364 Microsoft Excel Security Mechanism Evasion Vulnerability

Spoofing (5 CVEs)

Important severity
CVE-2025-21193 Active Directory Federation Server Impersonation Vulnerability
CVE-2025-21217 Windows Certificate of Origin Spoofing Vulnerability
CVE-2025-21308 Windows Styles Misrepresentation Vulnerability
CVE-2025-21314 Windows Smart Display Falsification Vulnerability
CVE-2025-21393 Microsoft Companion Portal Server Misrepresentation Vulnerability

Appendix B: Exploitability

This is a list of the January CVEs that Microsoft judges either to be under exploitation in the wild already or to be more likely to be exploited within the first 30 days after release. The list is arranged by CVE.

Exploitation detected
CVE-2025-21333 Windows Hypervisor NT Kernel Integration VSP Privilege Escalation Vulnerability
CVE-2025-21334 Windows Hypervisor NT Kernel Integration VSP Privilege Escalation Vulnerability
CVE-2025-21335 Windows Hypervisor NT Kernel Integration VSP Privilege Escalation Vulnerability
Expected exploitation in the next 30 days
CVE-2025-21189 MapUrlToZone Security Circumvention Vulnerability
CVE-2025-21210 Windows Encryption Lock Data Disclosure Vulnerability
CVE-2025-21219 MapUrlToZone Security Circumvention Vulnerability
CVE-2025-21268 MapUrlToZone Security Circumvention Vulnerability
CVE-2025-21269 Windows HTML Frameworks Security Circumvention Vulnerability
CVE-2025-21292 Windows Query Feature Privilege Escalation Vulnerability
CVE-2025-21298 Windows Object Linking and Embedding Remote Code Execution Vulnerability
CVE-2025-21299 Windows Kerberos Security Circumvention Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21314 Windows Smart Display Falsification Vulnerability
CVE-2025-21315 Microsoft Intermediary File System Privilege Escalation Vulnerability
CVE-2025-21328 MapUrlToZone Security Circumvention Vulnerability
CVE-2025-21329 MapUrlToZone Security Circumvention Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Circumvention Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability

Appendix C: Affected Technologies

This is a list of the January patches sorted by product family, then by severity. Each list is further arranged by CVE. Patches that apply to more than one product family are listed once for each family. Issues affecting Windows Server are listed separately in Appendix E. Note that Office for Mac has one CVE, CVE-2025-21361, that applies only to that platform.

Windows (132 CVEs)

Critical severity
CVE-2025-21294 Microsoft Digest Verification Remote Code Execution Vulnerability
CVE-2025-21295 SPNEGO Lengthened Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298 Windows Object Linking and Embedding Remote Code Execution Vulnerability
CVE-2025-21307 Windows Trustworthy Multicast Traffic Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability
Important severity
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189 MapUrlToZone Security Circumvention Vulnerability
CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21207 Windows Associated Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21210 Windows Encryption Lock Data Disclosure Vulnerability
CVE-2025-21211 Secure Boot Security Circumvention Vulnerability
CVE-2025-21213 Secure Boot Security Circumvention Vulnerability
CVE-2025-21214 Windows Encryption Lock Data Disclosure Vulnerability
CVE-2025-21215 Secure Boot Security Circumvention Vulnerability
CVE-2025-21217 Windows Certificate of Origin Spoofing Vulnerability
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
CVE-2025-21219 MapUrlToZone Security Circumvention Vulnerability
CVE-2025-21220 Microsoft Message Queuing Data Disclosure Vulnerability
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Assistance Exposure
CVE-2025-21231 IP Assistant Denial of Assistance Exposure
CVE-2025-21232 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21233 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21234 Windows Print Workflow User Service Privilege Escalation Exposure
CVE-2025-21235 Windows Print Workflow User Service Privilege Escalation Exposure
CVE-2025-21236 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21237 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21238 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21239 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21240 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21241 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21242 Windows Kerberos Data Disclosure Exposure
CVE-2025-21243 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21244 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21245 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21246 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21248 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21249 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21250 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21251 Microsoft Message Queueing (MSMQ) Denial of Assistance Exposure
CVE-2025-21252 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21255 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21256 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21257 Windows WLAN Auto Configuration Utility Data Disclosure Exposure
CVE-2025-21258 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21260 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21261 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21263 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21265 Windows Digital Multimedia Privilege Escalation Exposure
CVE-2025-21266 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21268 Map URL to Zone Security Feature Bypass Exposure
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Exposure
CVE-2025-21270 Microsoft Message Queueing (MSMQ) Denial of Assistance Exposure
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Privilege Escalation Exposure
CVE-2025-21272 Windows Component Object Model Server Data Disclosure Exposure
CVE-2025-21273 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21274 Windows Event Tracing Denial of Assistance Exposure
CVE-2025-21275 Windows Application Package Installer Privilege Escalation Exposure
CVE-2025-21276 Windows Map URL to Zone Denial of Assistance Exposure
CVE-2025-21277 Microsoft Message Queueing (MSMQ) Denial of Assistance Exposure
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Assistance Exposure
CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Assistance Exposure
CVE-2025-21281 Microsoft Component Object Model for Windows Privilege Escalation Exposure
CVE-2025-21282 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Assistance Exposure
CVE-2025-21285 Microsoft Message Queueing (MSMQ) Denial of Assistance Exposure
CVE-2025-21286 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21287 Windows Installation Service Privilege Escalation Exposure
CVE-2025-21288 Windows Component Object Model Server Data Disclosure Exposure
CVE-2025-21289 Microsoft Message Queueing (MSMQ) Denial of Assistance Exposure
CVE-2025-21290 Microsoft Message Queueing (MSMQ) Denial of Assistance Exposure
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21292 Windows Search Utility Privilege Escalation Exposure
CVE-2025-21293 Active Directory Domain Services Privilege Escalation Exposure
CVE-2025-21299 Windows Kerberos Security Feature Bypass Exposure
CVE-2025-21300 Windows UPnP Host Library Denial of Assistance Exposure
CVE-2025-21301 Windows Geolocation Utility Data Disclosure Exposure
CVE-2025-21302 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21303 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21304 Microsoft Desktop Window Manager Core Library Privilege Escalation Exposure
CVE-2025-21305 Windows Telecommunication Utility Remote Code Execution Vulnerability
CVE-2025-21306 Windows

CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21302 Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21305 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

365 (13 CVEs)

Important severity
CVE-2025-21145 Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-21399 Microsoft OneDrive Security Feature Bypass Vulnerability
CVE-2025-21380 Microsoft SharePoint Information Disclosure Vulnerability
CVE-2025-21367 Microsoft Teams Elevation of Privilege Vulnerability
CVE-2025-21361 Microsoft Office Information Disclosure Vulnerability
CVE-2025-21234 Windows Credential Security Support Provider (CredSSP) Remote Code Execution Vulnerability
CVE-2025-21109 Windows Remote Procedure Call (RPC) Null Dereference Vulnerability
CVE-2025-21397 Microsoft Windows Media Player Remote Code Execution Vulnerability
CVE-2025-21383 Microsoft Active Directory Information Disclosure Vulnerability
CVE-2025-21789 Windows Print Spooler Remote Code Execution Vulnerability
CVE-2025-21308 Windows Themes Spoofing Vulnerability
CVE-2025-21101 Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability
CVE-2025-21289 Windows Task Scheduler Elevation of Privilege Vulnerability

Office (13 CVEs)

Important severity
CVE-2025-21290 Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability
CVE-2025-21755 Windows Web Application Proxy Elevation of Privilege Vulnerability
CVE-2025-21388 Windows Task Scheduler Information Disclosure Vulnerability
CVE-2025-21234 Windows Credential Security Support Provider (CredSSP) Remote Code Execution Vulnerability
CVE-2025-21190 Windows Print Spooler Remote Code Execution Vulnerability
CVE-2025-21333 Windows Task Manager Information Disclosure Vulnerability
CVE-2025-21225 Microsoft Edge Elevation of Privilege Vulnerability
CVE-2025-21354 Microsoft Excel Vulnerability Allowing Remote Code Execution
CVE-2025-21356 Microsoft Office Visio Vulnerability Allowing Remote Code Execution
CVE-2025-21363 Microsoft Word Vulnerability Allowing Remote Code Execution
CVE-2025-21364 Vulnerability in Microsoft Excel Bypassing Security Features
CVE-2025-21365 Vulnerability in Microsoft Office Allowing Remote Code Execution
CVE-2025-21357 Vulnerability in Microsoft Outlook Allowing Remote Code Execution

Visual Studio (7 CVEs)

Critical severity
CVE-2025-21178 Vulnerability in Visual Studio Allowing Remote Code Execution
Important severity
CVE-2024-50338 GitHub: Information Disclosure Vulnerability in Malformed URL through git-credential-manager in CVE-2024-50338
CVE-2025-21171 Vulnerability in .NET Allowing Remote Code Execution
CVE-2025-21172 Vulnerability in .NET and Visual Studio Allowing Remote Code Execution
CVE-2025-21173 Elevation of Privilege Vulnerability in .NET
CVE-2025-21176 Vulnerability in .NET, .NET Framework, and Visual Studio Allowing Remote Code Execution
CVE-2025-21405 Elevation of Privilege Vulnerability in Visual Studio

.NET (4 CVEs)

Important severity
CVE-2025-21171 Vulnerability in .NET Allowing Remote Code Execution
CVE-2025-21172 Vulnerability in .NET and Visual Studio Allowing Remote Code Execution
CVE-2025-21173 Elevation of Privilege Vulnerability in .NET
CVE-2025-21176 Vulnerability in .NET, .NET Framework, and Visual Studio Allowing Remote Code Execution

Access (3 CVEs)

Important severity
CVE-2025-21186 Vulnerability in Microsoft Access Allowing Remote Code Execution
CVE-2025-21366 Vulnerability in Microsoft Access Allowing Remote Code Execution
CVE-2025-21395 Vulnerability in Microsoft Access Allowing Remote Code Execution

SharePoint (3 CVEs)

Important severity
CVE-2025-21344 Vulnerability in Microsoft SharePoint Server Allowing Remote Code Execution
CVE-2025-21348 Vulnerability in Microsoft SharePoint Server Allowing Remote Code Execution
CVE-2025-21393 Spoofing Vulnerability in Microsoft SharePoint Server

Office for Mac (2 CVEs)

Important severity
CVE-2025-21338 Vulnerability in Microsoft Outlook Allowing Remote Code Execution
CVE-2025-21361 Vulnerability in GDI+ Allowing Remote Code Execution

AutoUpdate for Mac (1 CVE)

Important severity
CVE-2025-21360 Elevation of Privilege Vulnerability in Microsoft AutoUpdate (MAU)

Excel (1 CVE)

Important severity
CVE-2025-21362 Vulnerability in Microsoft Excel Allowing Remote Code Execution

Outlook (1 CVE)

Important severity
CVE-2025-21357 Vulnerability in Microsoft Outlook Allowing Remote Code Execution

On-Premises Data Gateway (1 CVE)

Important severity
CVE-2025-21403 Information Disclosure Vulnerability in On-Premises Data Gateway

Power Automate (1 CVE)

Important severity
CVE-2025-21187 Vulnerability in Microsoft Power Automate Allowing Remote Code Execution

Appendix D: Advisories and Other Products

This is a list of advisories and information on other relevant CVEs in the January release. The issues addressed in the three CVEs have already been mitigated by Microsoft, but were listed in the release in the interests of transparency.

Microsoft information:

CVE / identifier | Product | Title | |
ADV990001 | | Updates in Latest Servicing Stack | |
CVE-2025-21185 | Edge | Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) under CVE-2025-21185 | Elevation of Privilege | N/A
CVE-2025-21380 | Marketplace SaaS | Information Disclosure Vulnerability in Azure Marketplace SaaS Resources under CVE-2025-21380 | Information Disclosure | Critical
CVE-2025-21385 | Purview | Information Disclosure Vulnerability in Microsoft Purview under CVE-2025-21385 | Information Disclosure | Critical

There are no Adobe advisories in this month’s release.

Appendix E: Affected Windows Server versions

This is a table of CVEs in the January release affecting nine Windows Server versions, 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (e.g., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft.

2008 2008-R2 2012 2012-R2 2016 2019 2022 2022 Second Semester 2025
CVE-2024-7344 × ×
CVE-2025-21189 × × ×
CVE-2025-21193 × × × ×
CVE-2025-21202 × × × ×
CVE-2025-21207 × × × × ×
CVE-2025-21210
CVE-2025-21211 × ×
CVE-2025-21213 × ×
CVE-2025-21214
CVE-2025-21215
CVE-2025-21217
CVE-2025-21218 × ×
CVE-2025-21219 × × × ×
CVE-2025-21220
CVE-2025-21223
CVE-2025-21224 × × × × × ×
CVE-2025-21225 × × × ×
CVE-2025-21226
CVE-2025-21227
CVE-2025-21228
CVE-2025-21229 × ×
CVE-2025-21230
CVE-2025-21231
CVE-2025-21232
CVE-2025-21233
CVE-2025-21234 × × × × × ×
CVE-2025-21235 × × × × × ×
CVE-2025-21236
CVE-2025-21237
CVE-2025-21238
CVE-2025-21239 × × × ×
CVE-2025-21240
CVE-2025-21241 × × × ×
CVE-2025-21242 ×
CVE-2025-21243
CVE-2025-21244
CVE-2025-21245
CVE-2025-21246
CVE-2025-21248 × × × ×
CVE-2025-21249
CVE-2025-21250
CVE-2025-21251
CVE-2025-21252
CVE-2025-21255
CVE-2025-21256
CVE-2025-21257 × × × ×
CVE-2025-21258
CVE-2025-21260
CVE-2025-21261
CVE-2025-21263
CVE-2025-21265
CVE-2025-21266
CVE-2025-21268
CVE-2025-21269
CVE-2025-21270
CVE-2025-21271 × × × × × × ×
CVE-2025-21272
CVE-2025-21273
CVE-2025-21274 × × ×
CVE-2025-21275 × × × × × ×
CVE-2025-21276
CVE-2025-21277
CVE-2025-21278 × ×
CVE-2025-21280 × × × ×
CVE-2025-21281 × ×
CVE-2025-21282
CVE-2025-21284 × × × ×
CVE-2025-21285
CVE-2025-21286
CVE-2025-21287
CVE-2025-21288
CVE-2025-21289
CVE-2025-21290
CVE-2025-21291 × × × × × ×
CVE-2025-21292 × × × × ×
CVE-2025-21293 × ×
CVE-2025-21294
CVE-2025-21295 ×
CVE-2025-21296 ×
CVE-2025-21297 ×
CVE-2025-21298
CVE-2025-21299 × × × ×
CVE-2025-21300
CVE-2025-21301 × × × ×
CVE-2025-21302
CVE-2025-21303
CVE-2025-21304 × × × × × × ×
CVE-2025-21305
CVE-2025-21306
CVE-2025-21307
CVE-2025-21308 × ×
CVE-2025-21309 × ×
CVE-2025-21310
CVE-2025-21311 × × ×
CVE-2025-21313 × × × × × × ×
CVE-2025-21314 × × × ×
CVE-2025-21315 × × × × × × ×
CVE-2025-21316 × × ×
CVE-2025-21317 × × × × × ×
CVE-2025-21318 × ×
CVE-2025-21319 ×
CVE-2025-21320
CVE-2025-21321 × ×
CVE-2025-21323 × × × ×
CVE-2025-21324
CVE-2025-21326 × × × × × × ×
CVE-2025-21327
CVE-2025-21328
CVE-2025-21329
CVE-2025-21330 × × × × ×
CVE-2025-21331 ×
CVE-2025-21332
CVE-2025-21333 × × × × × × ×
CVE-2025-21334 × × × × × × ×
CVE-2025-21335 × × × × × × ×
CVE-2025-21336
CVE-2025-21338
CVE-2025-21339
CVE-2025-21340 × × × × ×
CVE-2025-21341
CVE-2025-21343 × × × × × × × × ×
CVE-2025-21370 × × × × × × × × ×
CVE-2025-21372 × × × × × × ×
CVE-2025-21374 × ×
CVE-2025-21378 × ×
CVE-2025-21382 × × × × ×
CVE-2025-21389
CVE-2025-21409
CVE-2025-21411
CVE-2025-21413
CVE-2025-21417
