Summary: Microsoft has released patches for 161 security vulnerabilities, including three actively exploited zero-days, marking the largest monthly update since 2017. Among the critical flaws, several could allow attackers to execute remote code or gain elevated privileges on affected systems.

Threat Actor: Unknown | unknown
Victim: Microsoft Users | Microsoft Users

Key Point :

• Microsoft addressed 161 vulnerabilities, including 11 rated Critical and 149 Important.
• Three Hyper-V vulnerabilities (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) are under active exploitation, potentially allowing SYSTEM privileges.
• Five Critical flaws include vulnerabilities in Microsoft Digest Authentication and Windows OLE, which could lead to remote code execution.
• CISA has added the Hyper-V vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating federal agencies to apply the fixes by February 4, 2025.
• Recommendations include reading emails in plain text and using Microsoft Outlook to mitigate risks associated with the vulnerabilities.