Security Patch Update: January 2025 Security Fixes Address Elevation of Privilege Threats

Microsoft’s latest set of security updates includes an expanded blocklist of vulnerable Windows kernel drivers and fixes for various elevation of privilege vulnerabilities. The January 2025 Security Update addressed 159 security issues.

Applying security fixes is part of keeping software up to date. However, early versions of patches warrant caution and should first be tested in controlled environments.

Microsoft expands the vulnerable driver blocklist

In the January 2025 security update for Windows 11, version 24H2, Microsoft expanded the list of vulnerable drivers that can be abused in Bring Your Own Vulnerable Driver attacks. Vulnerabilities in kernel drivers could give malicious actors a way into the kernel.

According to Microsoft’s recommended driver block rules, “The list of vulnerable drivers is designed to reinforce systems against drivers developed outside of Microsoft’s scope across the Windows environment.”

Windows Hyper-V NT Kernel Integration VSP vulnerabilities resolved

Microsoft released patches for three Windows Hyper-V NT Kernel Integration VSP elevation of privilege vulnerabilities that have been exploited: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Successful exploitation of any of these could grant the attacker SYSTEM privileges.

Several problems with high CVSS severity scores

Noteworthy CVEs in this update include a remote code execution vulnerability in Object Linking and Embedding (OLE), a technology that enables linking within Microsoft Outlook. Although this vulnerability has a severity rating of 9.8, it has not been exploited in real-world attacks.

Similarly, an elevation of privilege vulnerability in the NTLMv1 protocol also holds a rating of 9.8 but has not been publicly exploited. The third issue addressed in January with a score of 9.8 is a remote code execution vulnerability in the Windows Reliable Multicast Transport Driver.

Citrix components may obstruct the installation of the January security update

Users with Citrix components installed on their systems may have trouble installing the January 2025 Windows security update, Microsoft noted. Work on a fix is underway, and Citrix has provided a temporary workaround.

Downloads or automated patches available for other security concerns

Microsoft is aware of several other issues with the latest Windows 11 release. Users who installed the October 2024 security update may find that OpenSSH (Open Secure Shell) does not function correctly. Microsoft has provided a solution. Additionally, for the time being, users on Arm architecture can access the Roblox video game only directly, not through the Microsoft Store on Windows.

On Jan. 7, Microsoft issued an update for PowerPoint 2016. It resolves an issue where OLE could load and instantiate automatically in PowerPoint. Users with Microsoft Update will receive the patch automatically, or they can download it manually.

Microsoft highlighted a patch from a third party outside its ecosystem in January: CVE-2024-50338, an information disclosure vulnerability in Git for Microsoft Visual Studio, has been fixed. This flaw could expose confidential data or privileged information associated with Visual Studio users.
