Summary: Microsoft is grappling with multiple zero-day vulnerabilities in its Windows Hyper-V platform, with attackers already exploiting these flaws for privilege escalation. The company has issued urgent advisories but has not provided technical details to assist defenders.
Threat Actor: Malicious attackers | malicious attackers
Victim: Microsoft | Microsoft
Key Point :
- Three zero-day vulnerabilities (CVE-2025-21334, CVE-2025-21333, CVE-2025-21335) in Windows Hyper-V have been exploited.
- Microsoft’s January Patch Tuesday addressed a record 160 security defects, with many rated critical severity.
- Remote code execution risks have been identified across various Microsoft services and applications.
- This surge in vulnerabilities could indicate a troubling trend for patch management in 2025.
Source: https://www.securityweek.com/microsoft-patches-trio-of-exploited-windows-hyper-v-zero-days/