Skip to main content

Scheduled updates for Microsoft products, including security updates for 159 vulnerabilities, with three reported as actively exploited

Threat ID:CC-4607
Threat Severity:Medium
Published:15 January 2025 4:12 PM

Summary

Scheduled updates for Microsoft products, including security updates for 159 vulnerabilities, with three reported as actively exploited

Affected platforms

The following platforms are known to be affected:

Microsoft Windows
Microsoft Windows Server
Microsoft Office

The following platforms are also known to be affected:

  • .NET, .NET Framework, Visual Studio
  • Active Directory Domain Services
  • Active Directory Federation Services
  • Internet Explorer
  • Line Printer Daemon Service (LPD)
  • Microsoft AutoUpdate (MAU)
  • Microsoft Azure Gateway Manager
  • Microsoft Brokering File System
  • Microsoft Digest Authentication
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office Access
  • Microsoft Office Excel
  • Microsoft Office OneNote
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Office Word
  • Power Automate
  • Reliable Multicast Transport Driver (RMCAST)
  • Servicing Stack Updates
  • Windows BitLocker
  • Windows Client-Side Caching (CSC) Service
  • Windows COM
  • Windows Connected Devices Platform Service
  • Windows Cryptographic Services
  • Windows Digital Media
  • Windows Direct Show
  • Windows DWM Core Library
  • Windows Event Tracing
  • Windows Hello
  • Windows Hyper-V NT Kernel Integration VSP
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel Memory
  • Windows Message Queuing
  • Windows NTLM
  • Windows OLE
  • Windows PrintWorkflowUserSvc
  • Windows Recovery Environment Agent
  • Windows Remote Desktop Services
  • Windows Secure Boot
  • Windows Security Account Manager
  • Windows Smart Card
  • Windows SmartScreen
  • Windows SPNEGO Extended Negotiation
  • Windows Telephony Service
  • Windows UPnP Device Host
  • Windows Virtual Trusted Platform Module
  • Windows Virtualization-Based Security (VBS) Enclave
  • Windows Web Threat Defense User Service
  • Windows WLAN Auto Config Service

Threat details

Exploitation of CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335

Microsoft has stated that exploitation of the vulnerabilities CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335 has been observed. NHS England's National CSOC considered further exploitation as highly likely.


Introduction

Microsoft has released security updates to address 159 vulnerabilities in Microsoft products. Six vulnerabilities are outlined below, of which three are critical severity and three others that are actively exploited. 



Vulnerability Details

  • CVE-2025-21298 - Windows OLE Remote Code Execution Vulnerability

CVE-2025-21298 is a 'Use After Freevulnerability in Windows and Windows Server with a CVSSv3 score of 9.8. Successful exploitation would allow a remote, unauthenticated attacker to perform remote code execution (RCE).

  • CVE-2025-21307 - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

CVE-2025-21307 is a ‘Use After Free’ vulnerability in Windows and Windows Server with a CVSSv3 score of 9.8. Successful exploitation would allow a remote, unauthenticated attacker to perform RCE.

  • CVE-2025-21311 - Windows NTLM V1 Elevation of Privilege Vulnerability 

CVE-2025-21311 is an ‘Incorrect Implementation of Authentication Algorithm’ vulnerability in Windows and Windows Server with a CVSSv3 score of 9.8. Successful exploitation would allow a remote unauthenticated attacker to escalate privileges.

  • CVE-2025-21333 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21333 is a ‘Heap-based Buffer Overflow’ Free’ vulnerability in Windows and Windows Server with a CVSSv3 score of 7.8. Successful exploitation would allow an attacker to gain SYSTEM privileges. This vulnerability is under active exploitation.

  • CVE-2025-21334 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability 

CVE-2025-21334 is a ‘Use After Free’ vulnerability in Windows and Windows Server with a CVSSv3 score of 7.8. Successful exploitation would allow an attacker to gain SYSTEM privileges. This vulnerability is under active exploitation.

  • CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21335 is a ‘Use After Free’ vulnerability in Windows and Windows Server with a CVSSv3 score of 7.8. Successful exploitation would allow an attacker to gain SYSTEM privileges. This vulnerability is under active exploitation.

Remediation advice

Affected organisations are encouraged to review Microsoft's January 2025 Security Updates and apply the relevant updates as soon as practicable.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2025-21298Windows OLE Remote Code Execution Vulnerability
StatusPublished
CVE-2025-21307Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
StatusPublished
CVE-2025-21311Windows NTLM V1 Elevation of Privilege Vulnerability
StatusPublished
CVE-2025-21333Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
StatusPublished
CVE-2025-21334Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
StatusPublished
CVE-2025-21335Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Last edited: 15 January 2025 4:37 pm

Back to top