Microsoft's latest security update addresses 161 security vulnerabilities across its software portfolio, including three actively exploited zero-day flaws. These patches are essential for protecting against cyber threats and ensuring the security of organizations' systems.
On January 15, 2025, Microsoft released its latest security update, which patches a total of 161 security vulnerabilities across its software portfolio. Among these vulnerabilities, three zero-days have been actively exploited in attacks, marking a significant concern for cybersecurity professionals and organizations worldwide.
The Zero Day Initiative reported that the update marks the largest number of CVEs addressed in a single month since at least 2017. This highlights the ever-evolving nature of cyber threats and the importance of staying up-to-date with the latest security patches.
Among the vulnerabilities patched by Microsoft is a trio of flaws in Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335). These flaws have been actively exploited in attacks, with attackers gaining SYSTEM privileges. The Virtualization Service Provider (VSP) resides in the root partition of a Hyper-V instance, providing synthetic device support to child partitions over the Virtual Machine Bus (VMBus).
"Given that the entire thing is a security boundary," said Rapid7's Lead Software Engineer, Adam Barnett, "it's perhaps surprising that no Hyper-V NT Kernel Integration VSP vulnerabilities have been acknowledged by Microsoft until today. However, it won't be at all shocking if more now emerge."
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by February 4, 2025.
Separately, Microsoft warned that five of the bugs are publicly known, including CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395 (CVSS scores: 7.8), each a Microsoft Access Remote Code Execution Vulnerability, and CVE-2025-21275 (CVSS score: 7.8), a Windows App Package Installer Elevation of Privilege Vulnerability. These vulnerabilities have been exploited in attacks, with attackers gaining elevated privileges.
Microsoft also patched a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), which has not been assigned any severity. This highlights the importance of staying informed about all potential security vulnerabilities.
Among the patches released by Microsoft, an information disclosure flaw affecting Windows BitLocker (CVE-2025-21210, CVSS score: 4.2) was also addressed. This vulnerability could allow for the recovery of hibernation images in plaintext assuming an attacker is able to gain physical access to the victim machine's hard disk.
"Hibernation images are used when a laptop goes to sleep and contain the contents that were stored in RAM at the moment the device powered down," said Kev Breen, senior director of threat research at Immersive Labs. "This presents a significant potential impact as RAM can contain sensitive data (such as passwords, credentials, and PII) that may have been in open documents or browser sessions and can all be recovered with free tools from hibernation files."
In addition to Microsoft's latest security update, other vendors have also released security updates to rectify several vulnerabilities. These include Adobe, Amazon Web Services, Arm, ASUS, Broadcom (including VMware), Cisco, D-Link, Dell, Drupal, F5, Fortinet, Fortra, GitHub, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, HP, HP Enterprise (including Aruba Networking), Huawei, IBM, Imagination Technologies, Ivanti, Juniper Networks, Lenovo, Linux distributions (Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Moxa, Mozilla (Firefox, Firefox ESR, and Thunderbird), NVIDIA, Palo Alto Networks, Phoenix Technologies, Qualcomm, Rockwell Automation, Rsync, Salesforce, Samsung, SAP, Schneider Electric, Siemens, SimpleHelp, SonicWall, Splunk, Veeam, Zoho ManageEngine, Zoom, and Zyxel.
These security updates demonstrate the importance of staying informed about all potential security vulnerabilities and the need for organizations to implement a proactive approach to cybersecurity.