Summary: Microsoft has released patches for 161 security vulnerabilities, including three actively exploited zero-days, marking the largest monthly update since 2017. Among the critical flaws, several could allow attackers to execute remote code or gain elevated privileges on affected systems.
Threat Actor: Unknown
Victim: Microsoft Users
Key Points:
- Microsoft addressed 161 vulnerabilities, including 11 rated Critical and 149 Important.
- Three Hyper-V vulnerabilities (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) are under active exploitation and could allow an attacker to gain SYSTEM privileges.
- Five Critical flaws include vulnerabilities in Microsoft Digest Authentication and Windows OLE, which could lead to remote code execution.
- CISA has added the Hyper-V vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the fixes by February 4, 2025.
- Recommendations include reading emails in plain text and using Microsoft Outlook to mitigate risks associated with the vulnerabilities.
Source: https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html