
Microsoft began 2025 by addressing a total of 161 security vulnerabilities in its software, which includes three zero-day weaknesses that have been actively exploited in attacks. Among these, 11 are classified as Critical, while 149 are marked Important. A notable flaw not linked to Microsoft products involves a Windows Secure Boot bypass (CVE-2024-7344) which lacks an assigned severity rating.
This update represents the largest number of vulnerabilities addressed in a single month since at least 2017, including recent fixes related to Microsoft Edge’s Chromium-based browser.
Key among the patches are three high-severity flaws associated with Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335), each with a CVSS score of 7.8. These vulnerabilities are currently known to be exploited, and successful attacks could provide an attacker with SYSTEM privileges.
The specific methods of exploitation and the identity of the threat actors remain unknown. However, due to the nature of these vulnerabilities as privilege escalation bugs, it is likely that they are utilized in scenarios where the attacker has already gained access to a system.
Security experts emphasized the importance of monitoring Hyper-V’s integrity, noting that this service operates in the root partition of a Hyper-V instance. The vulnerabilities have been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog, compelling federal agencies to implement necessary fixes by February 4, 2025.
Additionally, Microsoft revealed that five vulnerabilities were already publicly disclosed, with various Remote Code Execution (RCE) risks identified. Attackers may exploit these flaws by deceiving users into opening specially crafted files or emails.
Alongside the Microsoft patch, updates from other technology vendors, including Adobe and Amazon Web Services, were issued to address several vulnerabilities across their platforms.
It is critical for organizations and users alike to apply these updates promptly to mitigate potential attacks and protect sensitive data from exploitation.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.