Summary: Microsoft is grappling with multiple zero-day vulnerabilities in its Windows Hyper-V platform, with attackers already exploiting these flaws for privilege escalation. The company has issued urgent advisories but has not provided technical details to assist defenders.

Threat Actor: Malicious attackers | malicious attackers
Victim: Microsoft | Microsoft

Key Point :

• Three zero-day vulnerabilities (CVE-2025-21334, CVE-2025-21333, CVE-2025-21335) in Windows Hyper-V have been exploited.
• Microsoft’s January Patch Tuesday addressed a record 160 security defects, with many rated critical severity.
• Remote code execution risks have been identified across various Microsoft services and applications.
• This surge in vulnerabilities could indicate a troubling trend for patch management in 2025.