January Patch Tuesday Smashes Single-Month Record with 159 CVEs


Microsoft has released a total of 159 patches across 13 product families on Tuesday. Of these, Microsoft has marked nine issues as Critical severity, with 43 having a CVSS base score of 8.0 or higher. Three of the vulnerabilities are currently being actively exploited. One possible mitigation method suggested by Microsoft is to configure Microsoft Outlook to read all standard mail in plain text.

This unprecedented number of patches mainly targets Windows, with 132 patches applicable to the operating system. Among these patches, several key themes emerge, including 28 remote-code-execution patches affecting Windows Telephony Services and 17 elevation-of-privilege issues addressed in Windows Digital Media. There are eight critical-severity patches for Windows, including the Outlook bug mentioned earlier. More details on this will be discussed shortly.

At the time of the patch release, there are three important-severity Elevation of Privilege (EoP) issues that are actively being exploited, titled “Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability.” Additionally, the company estimates that 17 more CVEs are likely to be exploited within the next 30 days. Sophos protections can detect two of this month’s issues, and details on these are included in the table below.

Aside from these patches, the release also contains information on Servicing Stack Updates, as well as details about the singular Edge patch for this month (there’s also an Internet Explorer patch, which will be discussed later) and two mitigated issues covered in the release. Furthermore, additional appendices listing all of Microsoft’s patches sorted by severity, exploitability predictions, and product family are provided at the end of this post, along with an appendix covering advisory-style updates and a breakdown of the 130 patches affecting various Windows Server platforms that are still supported.

  • Total CVEs: 159
  • Publicly disclosed: 3
  • Exploits detected: 3
  • Severity
    • Critical: 9
    • Important: 150
  • Impact
    • Remote Code Execution: 58
    • Elevation of Privilege: 40
    • Information Disclosure: 22
    • Denial of Service: 20
    • Security Feature Bypass: 14
    • Spoofing: 5
  • CVSS base score 9.0 or greater: 3
  • CVSS base score 8.0 or greater: 40

A bar chart showing the distribution of severities of bugs patched in the January 2025 Patch Tuesday set, as described in the article text

Figure 1: The first patch haul of the year shows a variety of impacts, with Remote Code Execution dominating

Products Affected

  • Windows: 132
  • 365: 13
  • Office: 13
  • Visual Studio: 7
  • .NET: 4
  • Access: 3
  • SharePoint: 3
  • Office for Mac: 2
  • AutoUpdate for Mac: 1
  • Excel: 1
  • Outlook: 1
  • On-Premises Data Gateway: 1
  • Power Automate: 1

For this list, CVEs impacting multiple product families are counted once for each affected family.

A bar chart showing the distribution of product families affected by bugs patched in the January 2025 Patch Tuesday set, as described in the article text

Figure 2: The majority of this month’s Windows patches relate to the server-side OS, with minimal impact on Office for Mac

Key January Updates

Among the other issues, there are some specific notable updates:

CVE-2025-21298 — Windows OLE Remote Code Execution Vulnerability

This critical-severity vulnerability with a CVSS score of 9.8 is particularly significant because it can be exploited through Rich Text Format (RTF), affecting various products, especially email. The flaw can be triggered in the Preview Pane, making it dangerous even without any interaction from the user. While not actively exploited at present, the clock is ticking according to the finders who collaborated with The Zero-Day Initiative to report it. Microsoft recommends that users read email in plaintext mode and provides instructions to configure Outlook accordingly. Users of other email clients should take similar precautions.

CVE-2025-21311 — Windows NTLM V1 Elevation of Privilege Vulnerability

Another vulnerability rated at 9.8 by CVSS, this issue affects Microsoft’s latest software versions and can be mitigated by setting LmCompatibilityLevel to its maximum value of 5, which prevents use of the NTLMv1 protocol. This remotely exploitable vulnerability poses a high risk, requiring no specific knowledge of the target system.
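The two registry-backed mitigations described above (plain-text reading in Outlook for CVE-2025-21298 and LmCompatibilityLevel 5 for CVE-2025-21311) can be audited with a short script. This is an added example, not code from Microsoft or from the original article; the Office 16.0 registry hive, the ReadSignedAsPlain value, the 7-day window and all function names are assumptions chosen for illustration.

```powershell
# Added example: audit the Outlook plain-text and NTLMv1 mitigations, and
# list recent NTLMv1 logons so level 5 can be enforced without breaking clients.

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
# Assumption: Office "16.0" hive (Outlook 2016 and later, including Microsoft 365).
$OutlookKeys = @(
    'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail',  # Group Policy
    'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail'            # user preference
)

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value is absent
    return [int]$item.$Name
}

function Test-NtlmV1Mitigation {
    # 5 = send NTLMv2 responses only; refuse LM and NTLM (v1).
    $level = Get-RegistryDword -Path $LsaKey -Name 'LmCompatibilityLevel'
    [pscustomobject]@{
        Setting   = 'LmCompatibilityLevel'
        Value     = if ($null -eq $level) { '(not set, OS default applies)' } else { $level }
        Source    = $LsaKey
        Compliant = ($level -eq 5)
    }
}

function Test-OutlookPlainText {
    # ReadAsPlain covers standard mail; ReadSignedAsPlain covers digitally signed mail.
    foreach ($name in 'ReadAsPlain', 'ReadSignedAsPlain') {
        $value = $null; $source = $null
        foreach ($key in $OutlookKeys) {    # the policy hive is checked first
            $value = Get-RegistryDword -Path $key -Name $name
            if ($null -ne $value) { $source = $key; break }
        }
        [pscustomobject]@{
            Setting   = $name
            Value     = if ($null -eq $value) { '(not set)' } else { $value }
            Source    = $source
            Compliant = ($value -eq 1)
        }
    }
}

function Get-NtlmV1Logon {
    # Successful logons (event 4624) whose NTLM package was "NTLM V1".
    # Reading the Security log requires an elevated session.
    param([int]$Days = 7, [int]$MaxEvents = 5000)
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            if ($data['LmPackageName'] -eq 'NTLM V1') {
                [pscustomobject]@{
                    Time        = $evt.TimeCreated
                    User        = $data['TargetUserName']
                    Workstation = $data['WorkstationName']
                    SourceIp    = $data['IpAddress']
                }
            }
        }
}

function Set-NtlmV1Mitigation {
    # Writes the value the article recommends. Supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($LsaKey, 'Set LmCompatibilityLevel to 5')) {
        Set-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' -Value 5 -Type DWord
    }
}

# Report the current state of both mitigations.
@(Test-NtlmV1Mitigation) + @(Test-OutlookPlainText) | Format-Table -AutoSize

# Who still authenticates with NTLMv1? Resolve these before enforcing level 5.
$v1 = @(Get-NtlmV1Logon -Days 7)
'{0} NTLMv1 logon(s) in the sampled events' -f $v1.Count
$v1 | Group-Object User, Workstation | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Dry run of the change; remove -WhatIf to apply it (elevated session required).
# Set-NtlmV1Mitigation -WhatIf
```

Run the logon check on the servers and domain controllers that accept the logons, since that is where event 4624 is recorded. On domain-joined machines the "Network security: LAN Manager authentication level" Group Policy writes the same registry value and will overwrite a local change.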

CVE-2025-21366, CVE-2025-21395, CVE-2025-21186 – Microsoft Access Remote Code Execution Vulnerability

The fixes for these CVEs block seven potentially malicious extensions (.accda, .accdb, .accde, .accdr, .accdt, .accdu, .accdw) from being transmitted via email, causing a notification to the recipient that they received an attachment that cannot be accessed. All three vulnerabilities target Remote Desktop Protocol (RDP) and are publicly known.

CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370 – various titles

This month addresses eight Virtual Secure Mode component vulnerabilities, requiring administrators to adhere to Microsoft’s guidelines for addressing virtualization-based security (VBS) concerns.

CVE-2025-21343 — Windows Web Threat Defense User Service Information Disclosure Vulnerability

This Important-severity information disclosure issue could allow an attacker to capture snapshots of another user’s session. Its impact is limited, affecting only Windows 11 versions 22H2, 23H2, and 24H2. It was reported to Microsoft by an unusual discoverer, the Australian Signals Directorate.

CVE-2025-21326 — Internet Explorer Remote Code Execution Vulnerability

Though the name evokes nostalgia, this Important-severity Remote Code Execution (RCE) flaw doesn’t target ancient browsers but rather impacts Windows Server editions 2022 23H2 and 2025.

A bar chart illustrating 61 months of overall CVEs counts for Microsoft Patch Tuesdays since January 2020; the rightmost bar denotes the figures for January 2025 and appears taller than the others

Figure 3: The peak on the far right? That’s where we stand

Sophos safeguards

CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall
CVE-2025-21299 | Exp/2521299-A | Exp/2521299-A
CVE-2025-21362 | sid:2310479 | sid:2310479

If you are eager to receive the latest Microsoft updates without relying on automatic downloads, consider obtaining them manually from the Windows Update Catalog portal. Utilize the winver.exe utility to identify the specific version and build of Windows 10 or 11 you are using, then procure the appropriate Cumulative Update package for your system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This compilation of January patches is organized based on impact and further sorted by severity, with each list also arranged by CVE.

Remote Code Execution (58 CVEs)

Critical severity
CVE-2025-21178 Visual Studio Remote Code Execution Vulnerability
CVE-2025-21294 Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
Important severity
CVE-2025-21171 .NET Remote Code Execution Vulnerability
CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21187 Microsoft Power Automate Remote Code Execution Vulnerability
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21233 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21236 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21252 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21273 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21282 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21286 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21302 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21305 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21306 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
CVE-2025-21339 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability

 

Elevation of Privilege (40 CVEs)

Critical severity
CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability
Important severity
CVE-2025-21173 .NET Elevation of Privilege Vulnerability
CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21232 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21249 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21255 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21258 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21265 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21281 Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21310 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21324 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21327 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21331 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21341 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21360 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21372 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21378 Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21382 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21405 Visual Studio Elevation of Privilege Vulnerability

 

 

Information Disclosure (22 CVEs)

Important severity
CVE-2024-50338 GitHub: CVE-2024-50338 Malformed link permits data disclosure via git-credential-manager
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21214 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21215 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21220 Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21242 Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21272 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21288 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21301 Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21312 Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21316 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21318 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21319 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21320 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21321 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21323 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21336 Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21343 Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21374 Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21403 On-Premises Data Gateway Information Disclosure Vulnerability

 

Denial of Service (20 CVEs)

Important severity
CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231 IP Helper Denial of Service Vulnerability
CVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21276 Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21300 Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21313 Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21389 Windows upnphost.dll Denial of Service Vulnerability

Security Feature Bypass (14 CVEs)

Important severity
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21211 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21332 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability

Spoofing (5 CVEs)

Important severity
CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21217 Windows Mark of the Web Spoofing Vulnerability
CVE-2025-21308 Windows Themes Spoofing Vulnerability
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability

Appendix B: Exploitability

This is a list of the January CVEs judged by Microsoft to be either under active exploitation or more likely to be exploited within the first 30 days after release. The list is arranged by CVE.

Exploitation detected
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Exploitation more likely within the next 30 days
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability

Appendix C: Products Affected

This is a list of the January patches sorted by affected product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed once for each family they affect. For Windows Server-related issues, please refer to Appendix E. Office for Mac specifically addresses CVE-2025-21361 in a dedicated entry.

Windows (132 CVEs)

Critical severity
CVE-2025-21294 Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability
Important severity
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21211 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21214 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21215 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21217 Windows Mark of the Web Spoofing Vulnerability
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21220 Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231 IP Helper Denial of Service Vulnerability
CVE-2025-21232 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21233 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21236 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21242 Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21249 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21252 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21255 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21258 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21265 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21272 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21273 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21276 Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21281 Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21282 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21286 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21288 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21300 Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21301 Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21302 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21305 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21306 Windows

CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21371 Microsoft Word Security Feature Bypass Vulnerability
CVE-2025-21378 Windows CSC Service Elevation of Privilege Vulnerability

Technical (13 CVEs)

Important severity
CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21423 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21431 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21432 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21433 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21437 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21441 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21443 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21447 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21450 Windows Telephony Service Remote Code Execution Vulnerability

365 (13 CVEs)

CVE-2025-21354 Microsoft Excel Vulnerability Allowing Remote Code Execution
CVE-2025-21356 Microsoft Office Visio Vulnerability Allowing Remote Code Execution
CVE-2025-21363 Microsoft Word Vulnerability Allowing Remote Code Execution
CVE-2025-21364 Microsoft Excel Vulnerability Bypassing Security Features
CVE-2025-21365 Microsoft Office Vulnerability Allowing Remote Code Execution
CVE-2025-21357 Microsoft Outlook Vulnerability Allowing Remote Code Execution

Visual Studio (7 Vulnerabilities)

Severity Level: Critical
CVE-2025-21178 Visual Studio Vulnerability Allowing Remote Code Execution
Severity Level: Important
CVE-2024-50338 GitHub: CVE-2024-50338 Exploitable through Malformed URL for Information Disclosure via git-credential-manager
CVE-2025-21171 .NET Vulnerability Enabling Remote Code Execution
CVE-2025-21172 .NET and Visual Studio Vulnerability Enabling Remote Code Execution
CVE-2025-21173 .NET Privilege Elevation Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Vulnerability Enabling Remote Code Execution
CVE-2025-21405 Visual Studio Privilege Elevation Vulnerability

.NET (4 Vulnerabilities)

Severity Level: Important
CVE-2025-21171 .NET Vulnerability Enabling Remote Code Execution
CVE-2025-21172 .NET and Visual Studio Vulnerability Enabling Remote Code Execution
CVE-2025-21173 .NET Privilege Elevation Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Vulnerability Enabling Remote Code Execution

Access (3 Vulnerabilities)

Severity Level: Important
CVE-2025-21186 Microsoft Access Vulnerability Allowing Remote Code Execution
CVE-2025-21366 Microsoft Access Vulnerability Allowing Remote Code Execution
CVE-2025-21395 Microsoft Access Vulnerability Allowing Remote Code Execution

SharePoint (3 Vulnerabilities)

Severity Level: Important
CVE-2025-21344 Microsoft SharePoint Server Vulnerability Enabling Remote Code Execution
CVE-2025-21348 Microsoft SharePoint Server Vulnerability Enabling Remote Code Execution
CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability

Office for Mac (2 Vulnerabilities)

Severity Level: Important
CVE-2025-21338 Microsoft Outlook Vulnerability Enabling Remote Code Execution
CVE-2025-21361 GDI+ Vulnerability Enabling Remote Code Execution

AutoUpdate for Mac (1 Vulnerability)

Severity Level: Important
CVE-2025-21360 Microsoft AutoUpdate (MAU) Vulnerability Allowing Privilege Elevation

Excel (1 Vulnerability)

Severity Level: Important
CVE-2025-21362 Microsoft Excel Vulnerability Enabling Remote Code Execution

Outlook (1 Vulnerability)

Severity Level: Important
CVE-2025-21357 Microsoft Outlook Vulnerability Enabling Remote Code Execution

On-Premises Data Gateway (1 Vulnerability)

Severity Level: Important
CVE-2025-21403 On-Premises Data Gateway Vulnerability Allowing Information Disclosure

Power Automate (1 Vulnerability)

Severity Level: Important
CVE-2025-21187 Microsoft Power Automate Vulnerability Enabling Remote Code Execution

Appendix D: Advisories and Other Products

This article includes information about advisories and other related software vulnerabilities in the January edition. While Microsoft has taken steps to address the issues in the specified CVEs, they have been included in the release for transparency.

Microsoft Details:

CVE / ID | Product | Title | |
ADV990001 | | Recent Servicing Stack Updates | |
CVE-2025-21185 | Edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Elevation of Privilege | N/A
CVE-2025-21380 | Marketplace SaaS | Azure Marketplace SaaS Resources Vulnerability Allowing Information Disclosure | Information Disclosure | Critical
CVE-2025-21385 | Purview | Microsoft Purview Vulnerability Allowing Information Disclosure | Information Disclosure | Critical

There are no Adobe advisories included in this month’s release.

Appendix E: Affected Versions of Windows Server

This table presents the CVEs in the January release affecting nine distinct versions of Windows Server, ranging from 2008 to 2025. The table differentiates between major versions of the platform without delving into specific Server Core details. Critical-severity vulnerabilities are highlighted in red, while an “x” indicates that the particular CVE is not relevant to that version. Administrators are advised to use this appendix as an initial resource to determine their specific exposure, given the varying situations of each reader, particularly regarding products that are no longer in mainstream support. For specific Knowledge Base references, consult Microsoft’s documentation.

2008 2008-R2 2012 2012-R2 2016 2019 2022 2022 Second Half 2025
CVE-2024-7344 × ×
CVE-2025-21189 × × ×
CVE-2025-21193 × × × ×
CVE-2025-21202 × × × ×
CVE-2025-21207 × × × × ×
CVE-2025-21210
CVE-2025-21211 × ×
CVE-2025-21213 × ×
CVE-2025-21214
CVE-2025-21215
CVE-2025-21217
CVE-2025-21218 × ×
CVE-2025-21219 × × × ×
CVE-2025-21220
CVE-2025-21223
CVE-2025-21224 × × × × × ×
CVE-2025-21225 × × × ×
CVE-2025-21226
CVE-2025-21227
CVE-2025-21228
CVE-2025-21229 × ×
CVE-2025-21230
CVE-2025-21231
CVE-2025-21232
CVE-2025-21233
CVE-2025-21234 × × × × × ×
CVE-2025-21235 × × × × × ×
CVE-2025-21236
CVE-2025-21237
CVE-2025-21238
CVE-2025-21239 × × × ×
CVE-2025-21240
CVE-2025-21241 × × × ×
CVE-2025-21242 ×
CVE-2025-21243
CVE-2025-21244
CVE-2025-21245
CVE-2025-21246
CVE-2025-21248 × × × ×
CVE-2025-21249
CVE-2025-21250
CVE-2025-21251
CVE-2025-21252
CVE-2025-21255
CVE-2025-21256
CVE-2025-21257 × × × ×
CVE-2025-21258
CVE-2025-21260
CVE-2025-21261
CVE-2025-21263
CVE-2025-21265
CVE-2025-21266
CVE-2025-21268
CVE-2025-21269
CVE-2025-21270
CVE-2025-21271 × × × × × × ×
CVE-2025-21272
CVE-2025-21273
CVE-2025-21274 × × ×
CVE-2025-21275 × × × × × ×
CVE-2025-21276
CVE-2025-21277
CVE-2025-21278 × ×
CVE-2025-21280 × × × ×
CVE-2025-21281 × ×
CVE-2025-21282
CVE-2025-21284 × × × ×
CVE-2025-21285
CVE-2025-21286
CVE-2025-21287
CVE-2025-21288
CVE-2025-21289
CVE-2025-21290
CVE-2025-21291 × × × × × ×
CVE-2025-21292 × × × × ×
CVE-2025-21293 × ×
CVE-2025-21294
CVE-2025-21295 ×
CVE-2025-21296 ×
CVE-2025-21297 ×
CVE-2025-21298
CVE-2025-21299 × × × ×
CVE-2025-21300
CVE-2025-21301 × × × ×
CVE-2025-21302
CVE-2025-21303
CVE-2025-21304 × × × × × × ×
CVE-2025-21305
CVE-2025-21306
CVE-2025-21307
CVE-2025-21308 × ×
CVE-2025-21309 × ×
CVE-2025-21310
CVE-2025-21311 × × ×
CVE-2025-21313 × × × × × × ×
CVE-2025-21314 × × × ×
CVE-2025-21315 × × × × × × ×
CVE-2025-21316 × × ×
CVE-2025-21317 × × × × × ×
CVE-2025-21318 × ×
CVE-2025-21319 ×
CVE-2025-21320
CVE-2025-21321 × ×
CVE-2025-21323 × × × ×
CVE-2025-21324
CVE-2025-21326 × × × × × × ×
CVE-2025-21327
CVE-2025-21328
CVE-2025-21329
CVE-2025-21330 × × × × ×
CVE-2025-21331 ×
CVE-2025-21332
CVE-2025-21333 × × × × × × ×
CVE-2025-21334 × × × × × × ×
CVE-2025-21335 × × × × × × ×
CVE-2025-21336
CVE-2025-21338
CVE-2025-21339
CVE-2025-21340 × × × × ×
CVE-2025-21341
CVE-2025-21343 × × × × × × × × ×
CVE-2025-21370 × × × × × × × × ×
CVE-2025-21372 × × × × × × ×
CVE-2025-21374 × ×
CVE-2025-21378 × ×
CVE-2025-21382 × × × × ×
CVE-2025-21389
CVE-2025-21409
CVE-2025-21411
CVE-2025-21413
CVE-2025-21417
